pg_rls 0.0.1.alpha → 0.0.1.beta

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5ed56d6024c7658ebdf54879615273e29b9337f178b27a56352d2b3ba831b53d
-  data.tar.gz: 10ed3f8ae3350ef016a0138fcee0dfaa875c93f399ec3bca3a258f3f6f8d1639
+  metadata.gz: eff1edae4e2b864b6d1c50dbe73330ddd3092314fc0f0654ce631dd3f2381e73
+  data.tar.gz: f61c086a2319def269009a8acd4bb712457913cb23703d4f592486c1adc76161
 SHA512:
-  metadata.gz: 7bc62b85e6065bcfd687de04809efffd295a47b66f9ef72afa8f236a7b2750888ebc55df8e8b371c674a879d18204338328c5684835ca6fb09bb2d6456985302
-  data.tar.gz: 28ab96d49303876ed85573439140695db0adf475f4b2f2253d99c5c99f6b2069eda679c10b87c9275bd7e40b8cd2c4981cf5e6614b61cb8417f9e9ec431b7c23
+  metadata.gz: 88eaa010df64b8ba78630841f3ac886c44dca7929e43016e2dcbe6b4000a06ad41d0606e94fe7457eb3c46fe0e3c341d2208bf6b5fd64553fcd9eedbaee59c7a
+  data.tar.gz: 70aef5056d562fb96a2189d580f3b3cc31b1efb4ef71433969f8896268cdf0286bc5450b9b855166e48580d12aed451d0771c672611c3a934f7f046be2ea8dc9

data/.rubocop.yml

@@ -1,5 +1,7 @@
 AllCops:
   TargetRubyVersion: 3.0
   NewCops: enable
+  Exclude:
+    - lib/generators/pg_rls/active_record/templates/migration.rb
 Layout/LineLength:
   Max: 120

data/Gemfile

@@ -13,3 +13,5 @@ gem 'rake'
 gem 'rspec'
 
 gem 'rubocop'
+
+gem 'rspec-rails'

data/Gemfile.lock

@@ -2,6 +2,7 @@ PATH
   remote: .
   specs:
     pg_rls (0.0.1.alpha)
+      bundler (>= 2.2.10)
 
 GEM
   remote: https://rubygems.org/
@@ -136,6 +137,14 @@ GEM
     rspec-mocks (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
+    rspec-rails (5.0.2)
+      actionpack (>= 5.2)
+      activesupport (>= 5.2)
+      railties (>= 5.2)
+      rspec-core (~> 3.10)
+      rspec-expectations (~> 3.10)
+      rspec-mocks (~> 3.10)
+      rspec-support (~> 3.10)
     rspec-support (3.10.2)
     rubocop (1.22.1)
       parallel (~> 1.10)
@@ -173,6 +182,7 @@ DEPENDENCIES
   rails (~> 6.1.4, >= 6.1.4.1)
   rake
   rspec
+  rspec-rails
   rubocop
 
 RUBY VERSION

data/README.md

@@ -22,8 +22,17 @@ Or install it yourself as:
 
 ## Usage
 
-TODO: Write usage instructions here
+RUN `rails generate pg_rls:install company`
 
+You can change company to anything you'd like like for example `tenant`
+this will generate the model and inject all the required code
+
+for any new model that required to be under rls you can generate it by writing 
+
+`rails generate pg_rls user`
+and it will generate all the necesary information for you
+
+enjoy the gem :) 
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
@@ -32,7 +41,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/pg_rls. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/pg_rls/blob/master/CODE_OF_CONDUCT.md).
+Bug reports and pull requests are welcome on GitHub at https://github.com/dandush03/pg_rls. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/dandush03/pg_rls/blob/master/CODE_OF_CONDUCT.md).
 
 ## License
 
@@ -40,4 +49,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the PgRls project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/pg_rls/blob/master/CODE_OF_CONDUCT.md).
+Everyone interacting in the PgRls project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/dandush03/pg_rls/blob/master/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -10,3 +10,12 @@ require 'rubocop/rake_task'
 RuboCop::RakeTask.new
 
 task default: %i[spec rubocop]
+
+desc 'Generate documentation for PgRls.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'PgRls'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/lib/generators/pg_rls/active_record/active_record_generator.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require 'rails/generators/active_record/model/model_generator'
+require File.join(File.dirname(__FILE__), '../base')
+
+module PgRls
+  module Generators
+    # Active Record Generator
+    class ActiveRecordGenerator < ::ActiveRecord::Generators::ModelGenerator
+      include ::PgRls::Base
+
+      source_root File.expand_path('./templates', __dir__)
+
+      hook_for :test_framework
+
+      def create_migration_file
+        migration_template migration_template_path, "#{migration_path}/#{file_sub_name}_#{table_name}.rb",
+                           migration_version: migration_version
+      end
+
+      def create_model_file
+        generate_abstract_class if database && !parent
+        template model_template_path, File.join('app/models', class_path, "#{file_name}.rb")
+      end
+
+      def migration_template_path
+        return 'init_migration.rb.tt' if installation_in_progress?
+
+        'migration.rb.tt'
+      end
+
+      def model_template_path
+        return 'init_model.rb.tt' if installation_in_progress?
+
+        'model.rb.tt'
+      end
+
+      def file_sub_name
+        return 'pg_rls_tenant_create' if installation_in_progress?
+
+        'pg_rls_create'
+      end
+
+      def installation_in_progress?
+        shell.base.class.name.include?('Install')
+      end
+
+      def migration_version
+        "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]"
+      end
+
+      def migration_path
+        db_migrate_path
+      end
+
+      protected
+
+      def migration_action() = 'add'
+    end
+  end
+end

data/lib/generators/pg_rls/active_record/templates/abstract_base_class.rb.tt

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+<% module_namespacing do -%>
+class <%= abstract_class_name %> < ApplicationRecord
+  self.abstract_class = true
+
+  connects_to database: { <%= ActiveRecord.writing_role %>: :<%= database -%> }
+end
+<% end -%>

data/lib/generators/pg_rls/active_record/templates/init_migration.rb.tt

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+class PgRlsTenantCreate<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
+  def up
+    create_rls_tenant_table :<%= table_name %>, id: :uuid do |t|
+      t.string :name
+      t.string :logo
+
+      t.string :identification
+      t.string :subdomain
+      t.string :domain
+
+      t.timestamps
+    end
+
+    add_index :companies, :name,            unique: true
+    add_index :companies, :identification,  unique: true
+    add_index :companies, :domain,          unique: true
+    add_index :companies, :subdomain,       unique: true
+  end
+
+  def down
+    drop_rls_tenant_table :companies
+  end
+end

data/lib/generators/pg_rls/active_record/templates/init_model.rb.tt

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+<% module_namespacing do -%>
+class <%= class_name %> < <%= parent_class_name.classify %>
+  def self.current
+    find_by_tenant_id(connection.execute("SELECT current_setting('rls.tenant_id')").getvalue(0, 0))
+  rescue ActiveRecord::StatementInvalid
+    'no tenant is selected'
+  end
+<% attributes.select(&:reference?).each do |attribute| -%>
+  belongs_to :<%= attribute.name %><%= ", polymorphic: true" if attribute.polymorphic? %>
+<% end -%>
+<% attributes.select(&:rich_text?).each do |attribute| -%>
+  has_rich_text :<%= attribute.name %>
+<% end -%>
+<% attributes.select(&:attachment?).each do |attribute| -%>
+  has_one_attached :<%= attribute.name %>
+<% end -%>
+<% attributes.select(&:attachments?).each do |attribute| -%>
+  has_many_attached :<%= attribute.name %>
+<% end -%>
+<% attributes.select(&:token?).each do |attribute| -%>
+  has_secure_token<% if attribute.name != "token" %> :<%= attribute.name %><% end %>
+<% end -%>
+<% if attributes.any?(&:password_digest?) -%>
+  has_secure_password
+<% end -%>
+end
+<% end -%>

data/lib/generators/pg_rls/active_record/templates/migration.rb.tt

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class PgRlsCreate<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
+  def up
+    create_rls_table :<%= table_name %><%= primary_key_type %> do |t|
+      <% attributes.each do |attribute| -%>
+      t.<%= attribute.type %> :<%= attribute.name %>
+      <% end -%>
+
+      t.timestamps null: false
+    end
+  end
+
+  def down
+    drop_rls_table :<%= table_name %>
+  end
+end

data/lib/generators/pg_rls/active_record/templates/model.rb.tt

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+<% module_namespacing do -%>
+class <%= class_name %> < <%= parent_class_name.classify %>
+<% attributes.select(&:reference?).each do |attribute| -%>
+  belongs_to :<%= attribute.name %><%= ", polymorphic: true" if attribute.polymorphic? %>
+<% end -%>
+<% attributes.select(&:rich_text?).each do |attribute| -%>
+  has_rich_text :<%= attribute.name %>
+<% end -%>
+<% attributes.select(&:attachment?).each do |attribute| -%>
+  has_one_attached :<%= attribute.name %>
+<% end -%>
+<% attributes.select(&:attachments?).each do |attribute| -%>
+  has_many_attached :<%= attribute.name %>
+<% end -%>
+<% attributes.select(&:token?).each do |attribute| -%>
+  has_secure_token<% if attribute.name != "token" %> :<%= attribute.name %><% end %>
+<% end -%>
+<% if attributes.any?(&:password_digest?) -%>
+  has_secure_password
+<% end -%>
+end
+<% end -%>

data/lib/generators/pg_rls/base.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module PgRls
+  # Main Definition for Generator
+  module Base
+    protected
+
+    def nested_parent_name
+      @class_path.join('/')
+    end
+
+    def nested_parent_id
+      "#{nested_parent_name}_id"
+    end
+
+    def nested_parent_class_name
+      nested_parent_name.classify
+    end
+
+    def plural_nested_parent_name
+      nested_parent_name.pluralize
+    end
+
+    def class_path
+      []
+    end
+
+    def regular_class_path
+      []
+    end
+
+    def controller_class_path
+      []
+    end
+  end
+end

data/lib/generators/pg_rls/install_generator.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require 'rails/generators/base'
+require 'securerandom'
+
+module PgRls
+  module Generators
+    MissingORMError = Class.new(Thor::Error)
+    # Installer Generator
+    class InstallGenerator < Rails::Generators::Base
+      APPLICATION_RECORD_LINE = 'class ApplicationRecord < ActiveRecord::Base'
+      APPLICATION_RECORD_PATH = 'app/models/application_record.rb'
+      APPLICATION_CONTROLLER_LINE = 'class ApplicationController < ActionController::Base'
+      APPLICATION_CONTROLLER_PATH = 'app/controllers/application_controller.rb'
+      source_root File.expand_path('../templates', __dir__)
+
+      desc 'Creates a PgRls initializer and copy locale files to your application.'
+
+      def orm_error_message
+        <<-ERROR.strip_heredoc
+        An ORM must be set to install PgRls in your application.
+        Be sure to have an ORM like Active Record or loaded in your
+        app or configure your own at `config/application.rb`.
+          config.generators do |g|
+            g.orm :your_orm_gem
+          end
+        ERROR
+      end
+
+      def copy_initializer
+        raise MissingORMError, orm_error_message unless options[:orm]
+
+        template 'pg_rls.rb.tt', 'config/initializers/pg_rls.rb'
+
+        inject_include_to_application_record
+        inject_include_to_application_controller
+      end
+
+      def inject_include_to_application_record
+        return if aplication_record_already_included?
+
+        gsub_file(APPLICATION_RECORD_PATH, /(#{Regexp.escape(APPLICATION_RECORD_LINE)})/mi) do |match|
+          "#{match}\n  include PgRls::SecureConnection\n"
+        end
+      end
+
+      def inject_include_to_application_controller
+        return if aplication_controller_already_included?
+
+        gsub_file(APPLICATION_CONTROLLER_PATH, /(#{Regexp.escape(APPLICATION_CONTROLLER_LINE)})/mi) do |match|
+          "#{match}\n  include PgRls::MultiTenancy\n"
+        end
+      end
+
+      def aplication_controller_already_included?
+        File.readlines(APPLICATION_CONTROLLER_PATH).grep(/include PgRls::MultiTenancy/).any?
+      end
+
+      def aplication_record_already_included?
+        File.readlines(APPLICATION_RECORD_PATH).grep(/include PgRls::SecureConnection/).any?
+      end
+
+      def initialize_error_text
+        <<-ERROR.strip_heredoc
+        ERROR
+      end
+
+      def show_readme
+        readme 'README' if behavior == :invoke
+      end
+
+      hook_for :orm, required: true
+    end
+  end
+end

data/lib/generators/pg_rls/pg_rls_generator.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require_relative File.join(File.dirname(__FILE__), 'active_record/active_record_generator')
+
+module PgRls
+  module Generators
+    class PgRlsGenerator < ::Rails::Generators::NamedBase
+      # override ModelGenerator
+      hook_for :orm, required: true
+    end
+  end
+end

data/lib/generators/pg_rls.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'rails/generators/named_base'
+require 'rails/generators/active_model'
+require 'rails/generators/active_record/migration'
+require 'active_record'
+
+module PgRls
+  module Generators # :nodoc:
+    class PgRlsGenerator < Rails::Generators::NamedBase # :nodoc:
+      include PgRls::Generators::Migration
+
+      # Set the current directory as base for the inherited generators.
+      def self.base_root
+        __dir__
+      end
+    end
+  end
+end

data/lib/generators/templates/README

@@ -0,0 +1,19 @@
+README
+===============================================================================
+WARNING!!
+
+Once you remove a tenant all of his data would be removed as well
+
+PgRls::SecureConnection was included to your ApplicationRecord do not remove it
+
+===============================================================================
+
+to generate secure model run
+
+rails g pg_rls model_name
+
+or
+
+rails generate pg_rls model_name
+
+===============================================================================

data/lib/generators/templates/pg_rls.rb.tt

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+require 'pg_rls'
+
+PgRls.setup do |_config|
+  ActiveRecord::ConnectionAdapters::AbstractAdapter.include PgRls::Schema::Statements
+end

data/lib/pg_rls/multi_tenancy.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module PgRls
+  # Ensure Connection is with App_use
+  module MultiTenancy
+    def self.included(base)
+      base.class_eval do
+        before_action :switch_tenant
+      end
+    end
+
+    private
+
+    def switch_tenant
+      Tenant.switch request.subdomain
+    rescue NoMethodError
+      redirect_to '/'
+    end
+  end
+end

data/lib/pg_rls/schema/down_statements.rb

@@ -4,8 +4,8 @@ module PgRls
   module Schema
     # Down Schema Statements
     module DownStatements
-      def drop_rls_user(name = :app_user)
-        ActiveRecord::Migration.execute "DROP USER #{name};"
+      def drop_rls_user
+        ActiveRecord::Migration.execute "DROP USER #{PgRls::SECURE_USERNAME};"
       end
 
       def drop_rls_blocking_function
@@ -37,9 +37,9 @@ module PgRls
         SQL
       end
 
-      def drop_rls_policy(table_name, user = :app_user)
+      def drop_rls_policy(table_name)
         ActiveRecord::Migration.execute <<-SQL
-          DROP POLICY #{table_name}_#{user} ON #{table_name};
+          DROP POLICY #{table_name}_#{PgRls::SECURE_USERNAME} ON #{table_name};
           ALTER TABLE #{table_name} DISABLE ROW LEVEL SECURITY;
         SQL
       end

data/lib/pg_rls/schema/up_statements.rb

@@ -4,7 +4,7 @@ module PgRls
   module Schema
     # Up Schema Statements
     module UpStatements
-      def create_rls_user(name: :app_user, password: 'password')
+      def create_rls_user(name: PgRls::SECURE_USERNAME, password: 'password')
         PgRls.execute <<-SQL
           DROP ROLE IF EXISTS #{name};
           CREATE USER #{name} WITH PASSWORD '#{password}';
@@ -71,7 +71,7 @@ module PgRls
         SQL
       end
 
-      def create_rls_policy(table_name, user = :app_user)
+      def create_rls_policy(table_name, user = PgRls::SECURE_USERNAME)
         ActiveRecord::Migration.execute <<-SQL
           ALTER TABLE #{table_name} ENABLE ROW LEVEL SECURITY;
           CREATE POLICY #{table_name}_#{user}

data/lib/pg_rls/secure_connection.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module PgRls
+  # Ensure Connection is with App_use
+  module SecureConnection
+    def self.included(base)
+      base.class_eval do
+        after_initialize :establish_secure_connection
+      end
+    end
+
+    private
+
+    def establish_secure_connection
+      return if secure_connection_established?
+
+      PgRls.establish_new_connection
+    end
+
+    def secure_connection_established?
+      PgRls.current_connection_username == PgRls::SECURE_USERNAME
+    end
+  end
+end

data/lib/pg_rls/{tenant/tenant.rb → tenant.rb}

@@ -6,10 +6,11 @@ module PgRls
     class << self
       SET_COMPANY_ID_SQL = 'SET rls.tenant_id = %s'
       def switch(resource)
-        connection_adapter = PgRls.establish_new_connection
+        connection_adapter = PgRls.connection_class
         tenant = tenant_by_subdomain_uuid_or_tenant_id(resource)
-        connection_adapter.connection.execute(format('SET rls.tenant_id = %s', connection_adapter.connection.quote(tenant.tenant_id)))
-        puts "connected to #{resource}"
+        connection_adapter.connection.execute(format(SET_COMPANY_ID_SQL,
+                                                     connection_adapter.connection.quote(tenant.tenant_id)))
+        "RLS changed to '#{tenant}'"
       rescue StandardError => e
         puts 'connection was not made'
         puts e

data/lib/pg_rls/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PgRls
-  VERSION = '0.0.1.alpha'
+  VERSION = '0.0.1.beta'
 end

data/lib/pg_rls.rb

@@ -4,11 +4,14 @@ require 'active_record'
 require 'forwardable'
 require_relative 'pg_rls/version'
 require_relative 'pg_rls/schema/statements'
-require_relative 'pg_rls/tenant/tenant'
+require_relative 'pg_rls/tenant'
+require_relative 'pg_rls/secure_connection'
+require_relative 'pg_rls/multi_tenancy'
 
 # PostgreSQL Row Level Security
 module PgRls
   class Error < StandardError; end
+  SECURE_USERNAME = 'app_user'
 
   class << self
     extend Forwardable
@@ -38,17 +41,21 @@ module PgRls
 
     def establish_new_connection
       connection_class.establish_connection(
-        connection_class.connection_config.dup.tap { |n| n[:username] = 'app_user' }
+        **database_configuration
       )
     end
 
+    def current_connection_username
+      PgRls.connection_class.connection_db_config.configuration_hash[:username]
+    end
+
     def execute(query)
       @execute = ActiveRecord::Migration.execute(query)
     end
 
     def database_configuration
       @database_configuration ||= database_connection_file[Rails.env].tap do |config|
-        config['username'] = 'app_user'
+        config['username'] = PgRls::SECURE_USERNAME
       end
     end
   end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: pg_rls
 version: !ruby/object:Gem::Version
-  version: 0.0.1.alpha
+  version: 0.0.1.beta
 platform: ruby
 authors:
 - Daniel Laloush
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-10-05 00:00:00.000000000 Z
-dependencies: []
+date: 2021-10-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.10
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.10
 description: Write a longer description or delete this line.
 email:
 - daniel.laloush@influitive.com
@@ -28,11 +42,25 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- lib/generators/pg_rls.rb
+- lib/generators/pg_rls/active_record/active_record_generator.rb
+- lib/generators/pg_rls/active_record/templates/abstract_base_class.rb.tt
+- lib/generators/pg_rls/active_record/templates/init_migration.rb.tt
+- lib/generators/pg_rls/active_record/templates/init_model.rb.tt
+- lib/generators/pg_rls/active_record/templates/migration.rb.tt
+- lib/generators/pg_rls/active_record/templates/model.rb.tt
+- lib/generators/pg_rls/base.rb
+- lib/generators/pg_rls/install_generator.rb
+- lib/generators/pg_rls/pg_rls_generator.rb
+- lib/generators/templates/README
+- lib/generators/templates/pg_rls.rb.tt
 - lib/pg_rls.rb
+- lib/pg_rls/multi_tenancy.rb
 - lib/pg_rls/schema/down_statements.rb
 - lib/pg_rls/schema/statements.rb
 - lib/pg_rls/schema/up_statements.rb
-- lib/pg_rls/tenant/tenant.rb
+- lib/pg_rls/secure_connection.rb
+- lib/pg_rls/tenant.rb
 - lib/pg_rls/version.rb
 homepage: https://github.com/Dandush03/pg_rls
 licenses: