pg_sql_triggers 1.2.0 → 1.3.0

data/app/assets/javascripts/pg_sql_triggers/trigger_actions.js

@@ -0,0 +1,50 @@
+// AJAX handlers for trigger actions
+(function() {
+  'use strict';
+
+  // Handle AJAX form submissions
+  document.addEventListener('DOMContentLoaded', function() {
+    // Set up AJAX error handling
+    document.addEventListener('ajax:error', function(event) {
+      const detail = event.detail || [];
+      const error = detail[0] || {};
+      const status = error.status || 500;
+      const message = error.message || 'An error occurred';
+
+      alert('Error: ' + message);
+      console.error('AJAX Error:', error);
+    });
+
+    // Handle AJAX success for trigger actions
+    document.addEventListener('ajax:success', function(event) {
+      const [data, status, xhr] = event.detail;
+      
+      // If the response contains a redirect, follow it
+      if (xhr.getResponseHeader('Location')) {
+        window.location.href = xhr.getResponseHeader('Location');
+      } else {
+        // Otherwise, reload the page to show updated state
+        window.location.reload();
+      }
+    });
+
+    // Handle AJAX complete to show loading states
+    document.addEventListener('ajax:before', function(event) {
+      const form = event.target;
+      const submitButton = form.querySelector('button[type="submit"], button[type="button"]');
+      if (submitButton) {
+        submitButton.disabled = true;
+        submitButton.textContent = 'Processing...';
+      }
+    });
+
+    document.addEventListener('ajax:complete', function(event) {
+      const form = event.target;
+      const submitButton = form.querySelector('button[type="submit"], button[type="button"]');
+      if (submitButton) {
+        submitButton.disabled = false;
+      }
+    });
+  });
+})();
+

data/app/controllers/concerns/pg_sql_triggers/error_handling.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module PgSqlTriggers
+  module ErrorHandling
+    extend ActiveSupport::Concern
+
+    # Handles errors and formats them for display.
+    # Returns a formatted error message for flash display.
+    #
+    # @param error [Exception] The error to format
+    # @return [String] Formatted error message
+    def format_error_for_flash(error)
+      return error.to_s unless error.is_a?(PgSqlTriggers::Error)
+
+      # Use user_message which includes recovery suggestions
+      error.user_message
+    end
+
+    # Rescues from PgSqlTriggers errors and sets appropriate flash messages.
+    #
+    # @param error [Exception] The error to handle
+    # @return [void]
+    def rescue_pg_sql_triggers_error(error)
+      Rails.logger.error("#{error.class.name}: #{error.message}")
+      Rails.logger.error(error.backtrace.join("\n")) if Rails.env.development? && error.respond_to?(:backtrace)
+
+      flash[:error] = if error.is_a?(PgSqlTriggers::Error)
+                        format_error_for_flash(error)
+                      else
+                        "An unexpected error occurred: #{error.message}"
+                      end
+    end
+
+    # Handles kill switch errors with appropriate flash message and redirect.
+    #
+    # @param error [PgSqlTriggers::KillSwitchError] The kill switch error
+    # @param redirect_path [String, nil] Optional redirect path (defaults to root_path)
+    # @return [void]
+    def handle_kill_switch_error(error, redirect_path: nil)
+      flash[:error] = error.message
+      redirect_to redirect_path || root_path
+    end
+
+    # Handles standard errors with logging and flash message.
+    #
+    # @param error [Exception] The error to handle
+    # @param operation [String] Description of the operation that failed
+    # @param redirect_path [String, nil] Optional redirect path (defaults to root_path)
+    # @return [void]
+    def handle_standard_error(error, operation:, redirect_path: nil)
+      Rails.logger.error("#{operation} failed: #{error.message}\n#{error.backtrace.join("\n")}")
+      flash[:error] = "#{operation}: #{error.message}"
+      redirect_to redirect_path || root_path
+    end
+  end
+end

data/app/controllers/concerns/pg_sql_triggers/kill_switch_protection.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module PgSqlTriggers
+  module KillSwitchProtection
+    extend ActiveSupport::Concern
+
+    included do
+      # Helper method available in views
+      helper_method :kill_switch_active?, :expected_confirmation_text, :current_environment
+    end
+
+    # Checks if kill switch is active for the current environment.
+    #
+    # @return [Boolean] true if kill switch is active, false otherwise
+    def kill_switch_active?
+      PgSqlTriggers::SQL::KillSwitch.active?(environment: current_environment)
+    end
+
+    # Checks kill switch before executing a dangerous operation.
+    # Raises KillSwitchError if the operation is blocked.
+    #
+    # @param operation [Symbol] The operation being performed
+    # @param confirmation [String, nil] Optional confirmation text from params
+    # @raise [PgSqlTriggers::KillSwitchError] If the operation is blocked
+    # @return [true] If the operation is allowed
+    def check_kill_switch(operation:, confirmation: nil)
+      PgSqlTriggers::SQL::KillSwitch.check!(
+        operation: operation,
+        environment: current_environment,
+        confirmation: confirmation,
+        actor: current_actor
+      )
+    end
+
+    # Before action to require kill switch override for an action.
+    # Add to specific controller actions that need protection:
+    #   before_action -> { require_kill_switch_override(:operation_name) }, only: [:dangerous_action]
+    #
+    # @param operation [Symbol] The operation name
+    # @param confirmation [String, nil] Optional confirmation text
+    # @raise [PgSqlTriggers::KillSwitchError] If the operation is blocked
+    def require_kill_switch_override(operation, confirmation: nil)
+      check_kill_switch(operation: operation, confirmation: confirmation)
+    end
+
+    # Returns the expected confirmation text for an operation (for use in views).
+    #
+    # @param operation [Symbol] The operation name
+    # @return [String] The expected confirmation text
+    def expected_confirmation_text(operation)
+      if PgSqlTriggers.respond_to?(:kill_switch_confirmation_pattern) &&
+         PgSqlTriggers.kill_switch_confirmation_pattern.respond_to?(:call)
+        PgSqlTriggers.kill_switch_confirmation_pattern.call(operation)
+      else
+        "EXECUTE #{operation.to_s.upcase}"
+      end
+    end
+
+    # Returns the current environment.
+    #
+    # @return [String] The current Rails environment
+    def current_environment
+      Rails.env
+    end
+  end
+end

data/app/controllers/concerns/pg_sql_triggers/permission_checking.rb

@@ -0,0 +1,117 @@
+# frozen_string_literal: true
+
+module PgSqlTriggers
+  module PermissionChecking
+    extend ActiveSupport::Concern
+
+    included do
+      # Helper methods available in views
+      helper_method :current_actor, :can_view_triggers?, :can_enable_disable_triggers?,
+                    :can_drop_triggers?, :can_execute_sql?, :can_generate_triggers?, :can_apply_triggers?
+    end
+
+    # Returns the current actor (user) performing the action.
+    # Override this method in host application to provide actual user.
+    #
+    # @return [Hash] Actor information with :type and :id keys
+    def current_actor
+      {
+        type: current_user_type,
+        id: current_user_id
+      }
+    end
+
+    # Returns the current user type.
+    # Override this method in host application.
+    #
+    # @return [String] User type (default: "User")
+    def current_user_type
+      "User"
+    end
+
+    # Returns the current user ID.
+    # Override this method in host application.
+    #
+    # @return [String] User ID (default: "unknown")
+    def current_user_id
+      "unknown"
+    end
+
+    # Checks if current actor has viewer permissions.
+    #
+    # @raise [ActionController::RedirectError] Redirects if permission denied
+    def check_viewer_permission
+      can_access = begin
+        PgSqlTriggers::Permissions.can?(current_actor, :view_triggers, environment: current_environment)
+      rescue StandardError => e
+        Rails.logger.error("Permission check failed: #{e.message}\n#{e.backtrace.join("\n")}")
+        false
+      end
+      return if can_access
+
+      redirect_to root_path, alert: "Insufficient permissions. Viewer role required."
+    end
+
+    # Checks if current actor has operator permissions (enable/disable/apply).
+    #
+    # @raise [ActionController::RedirectError] Redirects if permission denied
+    def check_operator_permission
+      can_access = begin
+        PgSqlTriggers::Permissions.can?(current_actor, :enable_trigger, environment: current_environment)
+      rescue StandardError => e
+        Rails.logger.error("Permission check failed: #{e.message}\n#{e.backtrace.join("\n")}")
+        false
+      end
+      return if can_access
+
+      redirect_to root_path, alert: "Insufficient permissions. Operator role required."
+    end
+
+    # Checks if current actor has admin permissions (drop/re-execute/execute SQL).
+    #
+    # @raise [ActionController::RedirectError] Redirects if permission denied
+    def check_admin_permission
+      can_access = begin
+        PgSqlTriggers::Permissions.can?(current_actor, :drop_trigger, environment: current_environment)
+      rescue StandardError => e
+        Rails.logger.error("Permission check failed: #{e.message}\n#{e.backtrace.join("\n")}")
+        false
+      end
+      return if can_access
+
+      redirect_to root_path, alert: "Insufficient permissions. Admin role required."
+    end
+
+    # Permission helper methods for views
+
+    # @return [Boolean] true if current actor can view triggers
+    def can_view_triggers?
+      PgSqlTriggers::Permissions.can?(current_actor, :view_triggers, environment: current_environment)
+    end
+
+    # @return [Boolean] true if current actor can enable/disable triggers
+    def can_enable_disable_triggers?
+      PgSqlTriggers::Permissions.can?(current_actor, :enable_trigger, environment: current_environment)
+    end
+
+    # @return [Boolean] true if current actor can drop triggers
+    def can_drop_triggers?
+      PgSqlTriggers::Permissions.can?(current_actor, :drop_trigger, environment: current_environment)
+    end
+
+    # @return [Boolean] true if current actor can execute SQL capsules
+    def can_execute_sql?
+      PgSqlTriggers::Permissions.can?(current_actor, :execute_sql, environment: current_environment)
+    end
+
+    # @return [Boolean] true if current actor can generate triggers
+    def can_generate_triggers?
+      PgSqlTriggers::Permissions.can?(current_actor, :apply_trigger, environment: current_environment)
+    end
+
+    # @return [Boolean] true if current actor can apply triggers
+    def can_apply_triggers?
+      PgSqlTriggers::Permissions.can?(current_actor, :apply_trigger, environment: current_environment)
+    end
+  end
+end

data/app/controllers/pg_sql_triggers/application_controller.rb

@@ -1,81 +1,29 @@
 # frozen_string_literal: true
 
 module PgSqlTriggers
+  # Base controller for all pg_sql_triggers controllers.
+  # Includes common concerns for kill switch protection, permission checking, and error handling.
   class ApplicationController < ActionController::Base
     include PgSqlTriggers::Engine.routes.url_helpers
+    include PgSqlTriggers::KillSwitchProtection
+    include PgSqlTriggers::PermissionChecking
+    include PgSqlTriggers::ErrorHandling
 
     protect_from_forgery with: :exception
     layout "pg_sql_triggers/application"
 
     before_action :check_permissions?
 
-    # Helper methods available in views
-    helper_method :current_environment, :kill_switch_active?, :expected_confirmation_text, :current_actor
+    # Include permissions helper for view helpers
+    include PgSqlTriggers::PermissionsHelper
 
     private
 
+    # Override this method in host application to implement custom permission checks.
+    #
+    # @return [Boolean] true if permissions check passes
     def check_permissions?
-      # Override this method in host application to implement custom permission checks
       true
     end
-
-    def current_actor
-      # Override this in host application to provide actual user
-      {
-        type: current_user_type,
-        id: current_user_id
-      }
-    end
-
-    def current_user_type
-      "User"
-    end
-
-    def current_user_id
-      "unknown"
-    end
-
-    # ========== Kill Switch Helpers ==========
-
-    # Returns the current environment
-    def current_environment
-      Rails.env
-    end
-
-    # Checks if kill switch is active for the current environment
-    def kill_switch_active?
-      PgSqlTriggers::SQL::KillSwitch.active?(environment: current_environment)
-    end
-
-    # Checks kill switch before executing a dangerous operation
-    # Raises KillSwitchError if the operation is blocked
-    #
-    # @param operation [Symbol] The operation being performed
-    # @param confirmation [String, nil] Optional confirmation text from params
-    def check_kill_switch(operation:, confirmation: nil)
-      PgSqlTriggers::SQL::KillSwitch.check!(
-        operation: operation,
-        environment: current_environment,
-        confirmation: confirmation,
-        actor: current_actor
-      )
-    end
-
-    # Before action to require kill switch override for an action
-    # Add to specific controller actions that need protection:
-    #   before_action -> { require_kill_switch_override(:operation_name) }, only: [:dangerous_action]
-    def require_kill_switch_override(operation, confirmation: nil)
-      check_kill_switch(operation: operation, confirmation: confirmation)
-    end
-
-    # Returns the expected confirmation text for an operation (for use in views)
-    def expected_confirmation_text(operation)
-      if PgSqlTriggers.respond_to?(:kill_switch_confirmation_pattern) &&
-         PgSqlTriggers.kill_switch_confirmation_pattern.respond_to?(:call)
-        PgSqlTriggers.kill_switch_confirmation_pattern.call(operation)
-      else
-        "EXECUTE #{operation.to_s.upcase}"
-      end
-    end
   end
 end

data/app/controllers/pg_sql_triggers/audit_logs_controller.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+module PgSqlTriggers
+  class AuditLogsController < ApplicationController
+    before_action :check_viewer_permission
+
+    # GET /audit_logs
+    # Display audit log entries with filtering and sorting
+    def index
+      @audit_logs = PgSqlTriggers::AuditLog.all
+
+      # Filter by trigger name
+      @audit_logs = @audit_logs.for_trigger(params[:trigger_name]) if params[:trigger_name].present?
+
+      # Filter by operation
+      @audit_logs = @audit_logs.for_operation(params[:operation]) if params[:operation].present?
+
+      # Filter by status
+      if params[:status].present? && %w[success failure].include?(params[:status])
+        @audit_logs = @audit_logs.where(status: params[:status])
+      end
+
+      # Filter by environment
+      @audit_logs = @audit_logs.for_environment(params[:environment]) if params[:environment].present?
+
+      # Filter by actor (search in JSONB field)
+      @audit_logs = @audit_logs.where("actor->>'id' = ?", params[:actor_id]) if params[:actor_id].present?
+
+      # Sort by date (default: most recent first)
+      sort_direction = params[:sort] == "asc" ? :asc : :desc
+      @audit_logs = @audit_logs.order(created_at: sort_direction)
+
+      # Pagination
+      @per_page = (params[:per_page] || 50).to_i
+      @per_page = [@per_page, 200].min # Cap at 200
+      @page = (params[:page] || 1).to_i
+      @total_count = @audit_logs.count
+      @total_pages = @total_count.positive? ? (@total_count.to_f / @per_page).ceil : 1
+      @page = @page.clamp(1, @total_pages)
+
+      offset = (@page - 1) * @per_page
+      @audit_logs = @audit_logs.offset(offset).limit(@per_page)
+
+      # Get distinct values for filter dropdowns
+      @available_trigger_names = PgSqlTriggers::AuditLog.distinct.pluck(:trigger_name).compact.sort
+      @available_operations = PgSqlTriggers::AuditLog.distinct.pluck(:operation).compact.sort
+      @available_environments = PgSqlTriggers::AuditLog.distinct.pluck(:environment).compact.sort
+
+      respond_to do |format|
+        format.html
+        format.csv do
+          send_data generate_csv, filename: "audit_logs_#{Time.current.strftime('%Y%m%d_%H%M%S')}.csv",
+                                  type: "text/csv", disposition: "attachment"
+        end
+      end
+    end
+
+    private
+
+    def generate_csv
+      require "csv"
+
+      # Get all audit logs (no pagination for CSV)
+      audit_logs = PgSqlTriggers::AuditLog.all
+
+      # Apply filters
+      audit_logs = audit_logs.for_trigger(params[:trigger_name]) if params[:trigger_name].present?
+      audit_logs = audit_logs.for_operation(params[:operation]) if params[:operation].present?
+      if params[:status].present? && %w[success failure].include?(params[:status])
+        audit_logs = audit_logs.where(status: params[:status])
+      end
+      audit_logs = audit_logs.for_environment(params[:environment]) if params[:environment].present?
+      audit_logs = audit_logs.where("actor->>'id' = ?", params[:actor_id]) if params[:actor_id].present?
+
+      CSV.generate(headers: true) do |csv|
+        csv << [
+          "ID", "Trigger Name", "Operation", "Status", "Environment",
+          "Actor Type", "Actor ID", "Reason", "Error Message",
+          "Created At"
+        ]
+
+        audit_logs.order(created_at: :desc).find_each do |log|
+          actor_type = log.actor.is_a?(Hash) ? log.actor["type"] || log.actor[:type] : nil
+          actor_id = log.actor.is_a?(Hash) ? log.actor["id"] || log.actor[:id] : nil
+
+          csv << [
+            log.id,
+            log.trigger_name || "",
+            log.operation,
+            log.status,
+            log.environment || "",
+            actor_type || "",
+            actor_id || "",
+            log.reason || "",
+            log.error_message || "",
+            log.created_at&.iso8601 || ""
+          ]
+        end
+      end
+    end
+  end
+end

data/app/controllers/pg_sql_triggers/dashboard_controller.rb

@@ -5,7 +5,10 @@ module PgSqlTriggers
     before_action :check_viewer_permission
 
     def index
-      @triggers = PgSqlTriggers::TriggerRegistry.order(created_at: :desc)
+      # Sort by installed_at descending (most recent first), fallback to created_at
+      @triggers = PgSqlTriggers::TriggerRegistry.order(
+        Arel.sql("COALESCE(installed_at, created_at) DESC")
+      )
 
       # Get drift summary
       drift_summary = PgSqlTriggers::Drift::Reporter.summary
@@ -43,13 +46,5 @@ module PgSqlTriggers
         @per_page = 20
       end
     end
-
-    private
-
-    def check_viewer_permission
-      return if PgSqlTriggers::Permissions.can?(current_actor, :view_triggers)
-
-      redirect_to root_path, alert: "Insufficient permissions. Viewer role required."
-    end
   end
 end

data/app/controllers/pg_sql_triggers/tables_controller.rb

@@ -2,12 +2,38 @@
 
 module PgSqlTriggers
   class TablesController < ApplicationController
+    before_action :check_viewer_permission
+
     def index
       all_tables = PgSqlTriggers::DatabaseIntrospection.new.tables_with_triggers
-      # Only show tables that have at least one trigger
-      @tables_with_triggers = all_tables.select { |t| t[:trigger_count].positive? }
-      @total_tables = @tables_with_triggers.count
-      @tables_with_trigger_count = @tables_with_triggers.count
+
+      # Calculate statistics
+      @tables_with_trigger_count = all_tables.count { |t| t[:trigger_count].positive? }
+      @tables_without_trigger_count = all_tables.count { |t| t[:trigger_count].zero? }
+      @total_tables_count = all_tables.count
+
+      # Filter based on parameter
+      @filter = params[:filter] || "with_triggers"
+      filtered_tables = case @filter
+                        when "with_triggers"
+                          all_tables.select { |t| t[:trigger_count].positive? }
+                        when "without_triggers"
+                          all_tables.select { |t| t[:trigger_count].zero? }
+                        else # 'all'
+                          all_tables
+                        end
+
+      @total_tables = filtered_tables.count
+
+      # Pagination
+      @per_page = (params[:per_page] || 20).to_i
+      @per_page = [@per_page, 100].min # Cap at 100
+      @page = (params[:page] || 1).to_i
+      @total_pages = @total_tables.positive? ? (@total_tables.to_f / @per_page).ceil : 1
+      @page = @page.clamp(1, @total_pages) # Ensure page is within valid range
+
+      offset = (@page - 1) * @per_page
+      @tables_with_triggers = filtered_tables.slice(offset, @per_page) || []
     end
 
     def show

data/app/controllers/pg_sql_triggers/triggers_controller.rb

@@ -4,10 +4,10 @@ module PgSqlTriggers
   # Controller for managing individual triggers via web UI
   # Provides actions to enable and disable triggers
   class TriggersController < ApplicationController
-    before_action :set_trigger, only: %i[show enable disable drop re_execute]
     before_action :check_viewer_permission, only: [:show]
     before_action :check_operator_permission, only: %i[enable disable]
     before_action :check_admin_permission, only: %i[drop re_execute]
+    before_action :set_trigger, only: %i[show enable disable drop re_execute]
 
     def show
       # Load trigger details and drift information
@@ -18,7 +18,7 @@ module PgSqlTriggers
       # Check kill switch before enabling trigger
       check_kill_switch(operation: :ui_trigger_enable, confirmation: params[:confirmation_text])
 
-      @trigger.enable!(confirmation: params[:confirmation_text])
+      @trigger.enable!(confirmation: params[:confirmation_text], actor: current_actor)
       flash[:success] = "Trigger '#{@trigger.trigger_name}' enabled successfully."
       redirect_to redirect_path
     rescue PgSqlTriggers::KillSwitchError => e
@@ -34,7 +34,7 @@ module PgSqlTriggers
       # Check kill switch before disabling trigger
       check_kill_switch(operation: :ui_trigger_disable, confirmation: params[:confirmation_text])
 
-      @trigger.disable!(confirmation: params[:confirmation_text])
+      @trigger.disable!(confirmation: params[:confirmation_text], actor: current_actor)
       flash[:success] = "Trigger '#{@trigger.trigger_name}' disabled successfully."
       redirect_to redirect_path
     rescue PgSqlTriggers::KillSwitchError => e
@@ -119,24 +119,6 @@ module PgSqlTriggers
       redirect_to root_path
     end
 
-    def check_viewer_permission
-      return if PgSqlTriggers::Permissions.can?(current_actor, :view_triggers)
-
-      redirect_to root_path, alert: "Insufficient permissions. Viewer role required."
-    end
-
-    def check_operator_permission
-      return if PgSqlTriggers::Permissions.can?(current_actor, :enable_trigger)
-
-      redirect_to root_path, alert: "Insufficient permissions. Operator role required."
-    end
-
-    def check_admin_permission
-      return if PgSqlTriggers::Permissions.can?(current_actor, :drop_trigger)
-
-      redirect_to root_path, alert: "Insufficient permissions. Admin role required."
-    end
-
     def redirect_path
       # Redirect back to the referring page if possible, otherwise to dashboard
       params[:redirect_to].presence || request.referer || root_path

data/app/helpers/pg_sql_triggers/permissions_helper.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module PgSqlTriggers
+  module PermissionsHelper
+    # Check if the current actor can perform an action
+    #
+    # @param action [Symbol, String] The action to check
+    # @return [Boolean] True if the actor can perform the action
+    def can?(action)
+      PgSqlTriggers::Permissions.can?(current_actor, action, environment: current_environment)
+    end
+
+    # Check if the current actor can view triggers
+    def can_view_triggers?
+      can?(:view_triggers)
+    end
+
+    # Check if the current actor can enable/disable triggers
+    def can_enable_disable_triggers?
+      can?(:enable_trigger)
+    end
+
+    # Check if the current actor can drop triggers
+    def can_drop_triggers?
+      can?(:drop_trigger)
+    end
+
+    # Check if the current actor can execute SQL capsules
+    def can_execute_sql?
+      can?(:execute_sql)
+    end
+
+    # Check if the current actor can generate triggers
+    def can_generate_triggers?
+      can?(:generate_trigger)
+    end
+
+    # Check if the current actor can apply triggers (run migrations)
+    def can_apply_triggers?
+      can?(:apply_trigger)
+    end
+  end
+end