rbac_rls 0.1.0 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3bc52fa4bdbbc44cf0d4b6ede8d4d142458a169baed9767a30c1f6549a827520
-  data.tar.gz: d289b6293db261f8643b702a70c0f8d9affd094385a898e299f1e7b7d6966c25
+  metadata.gz: 7ec44866c989046890add9f57eafc781f16a3774e54858a5f4996498fa2e96cb
+  data.tar.gz: 1f349e1e5e4011768758345c95349984b0910d33f1652245225217fd7133a83f
 SHA512:
-  metadata.gz: 6a7d8a952d7bbb5af6eedee3338ffd0ff76e71384eb82a2c7e0010f58855519cccb653e6b28e5ec29358b0c4a5f700d9663dfe0a372097d1fb2040ea60a5ff9c
-  data.tar.gz: ae99e701a1bce22e40993385b0f0644a6c49f2aa8e496cf7ed57cd4808133eb8d3ffeb15f70768389728321ddcd741184716a992f35e45dd0cad3aad9fa8528f
+  metadata.gz: 86ab0f00de6b4291edbdc4bfb3a8b18a9430af2bd9b3043de979731c9209314be6ba05ac5f8d58f10242957c67947203addc5c8c96d428c9960618af105e8043
+  data.tar.gz: 43438f64d3cc5ba86face84828579bc9556e5e81cf0731f0c2aba6edc04abf0cb7f877340934c1e4c86cf5c50055a184e1c6e2b4736801ec1148df60f7b2d1f6

data/README.md

@@ -30,6 +30,19 @@ And then add in your application_record.rb and application_controller.rb:
  include ConnectionRls
  include ConnectionRlsUser
 ```
+```bash 
+ crie um novo everioniment para rodar as migrations 
+ por exemplo: duplique um arquivo de  app/config/environments  configure o deu database.yml com o env 
+ 
+ exemplo:
+     -----------
+     migrations:
+      <<: *default
+      database: main_app_development
+      username: username
+      password: password
+     -----------
+```
 
 And then run this command:
 ```bash

data/app/controllers/concerns/helper_methods_permission.rb

@@ -0,0 +1,26 @@
+module HelperMethodsPermission
+  extend ActiveSupport::Concern
+
+  included do
+
+    def has_permission?(type = nil)
+      if type == :read
+        # and type == :owner_read and type == :owner_change and type == :owner_remove
+      end
+
+      if type == :write
+      end
+
+      if type == :change
+      end
+
+      if type == :remove
+      end
+
+    end
+  end
+
+  class_methods do
+  end
+
+end

data/app/models/concerns/manage_rls_migration_concern.rb

@@ -0,0 +1,33 @@
+module ManageRlsMigrationConcern
+  extend ActiveSupport::Concern
+
+  class_methods {}
+
+  included { after_destroy :delete_nested_policy }
+
+  def delete_nested_policy
+    down_migrate()
+    delete_file(get_migration_file_path)
+  end
+
+  def down_migrate(file_version = migration_version)
+    return true if system(Settings.down_migrate_command(file_version))
+    false
+  end
+
+  def get_migration_file_path(file_name = migration_version)
+    path = Rails.root.join('db', 'migrate', "#{file_name}*").to_s
+    file_path = Dir[path]&.first
+    file_path.to_s
+  end
+
+  def delete_file(path)
+    deleted = false
+    if File.exist?(path)
+      File.delete(path)
+      deleted = !File.exist?(path)
+    end
+    deleted
+  end
+
+end

data/app/models/rbac_rls/group_permission.rb

@@ -1,20 +1,40 @@
 module RbacRls
   class GroupPermission < ApplicationRecord
+    include ManageRlsMigrationConcern
+
     self.table_name = :group_permissions
     belongs_to :permission
     belongs_to :group
-    after_save :create_group_rls_policy
+    after_validation :create_group_rls_policy
 
     #rails generate rbac_rls:group_permission table_name description:table_key 'produto':table_value
     def create_group_rls_policy
-      cmd = ""
-      if self.permission.table_name.present? and self.table_key.present? and self.table_value.present?
-        cmd = "rails generate rbac_rls:group_permission #{self.permission.table_name} '#{self.table_key}':table_key '#{self.table_value}':table_value"
+      if permission.table_name.present? and table_key.present? and table_value.present?
+        cmd = -> { "rails generate rbac_rls:group_permission #{permission.table_name} '#{table_key}':table_key '#{table_value}':table_value" }
+        migraion_generated = false
+        migraion_generated = system(cmd.===) if new_record?
+        migraion_generated = system(cmd.===) if persisted? and database_changed? and drop_policy()
+        if migraion_generated
+          system(Settings.run_migrate_command)
+          self.migration_version = ActiveRecord::Migrator.current_version
+        end
       end
-      if cmd.present?
-        system(cmd)
-        system('rake db:migrate RAILS_ENV=migrations')
+    end
+
+    def drop_policy()
+      r_value = false
+      r_value = true if migration_version.nil?
+      if persisted? && delete_nested_policy()
+        self.migration_version = nil
+        r_value = true
       end
+      r_value
     end
+
+    def database_changed?
+      attrs_in_database = self.class.find(id).attributes
+      attributes != attrs_in_database
+    end
+
   end
-end
+end

data/app/models/rbac_rls/permission.rb

@@ -1,5 +1,5 @@
 class RbacRls::Permission < ApplicationRecord
-
+  include ManageRlsMigrationConcern
   self.table_name = :permissions
   belongs_to :permission, :class_name => 'RbacRls::Permission', optional: true
   has_many :role_permissions, :class_name => 'RbacRls::RolePermission'
@@ -10,10 +10,10 @@ class RbacRls::Permission < ApplicationRecord
   validates_uniqueness_of :name, message: "This permission already exists"
   validates_presence_of :table_name
   before_validation :set_permission_name
-  after_commit :create_rls_policy
+  after_validation :create_rls_policy
 
-  def self.all_tables(schema = :public)
 
+  def self.all_tables(schema = :public)
     sql = "SELECT table_name FROM information_schema.tables #{where_schema(schema)} "
     result = ActiveRecord::Base.connection.select_all(sql)
     tables = result.map { |k| k['table_name'] }
@@ -40,18 +40,13 @@ class RbacRls::Permission < ApplicationRecord
       cmd += " delete:role " if remove.present?
       cmd
     end
-    type_options = -> () do
-      cmd = ""
-      cmd += " --permission_identifier #{self.id} " if self.id.present?
-      cmd
-    end
-
-    if (type_policies.===).present? and (type_options.===).present? &&
-      RbacRls::Permission.all.map(&:table_name).exclude?(table_name)
+    type_options = -> () { " --permission_identifier #{self.id} " if self.id.present? }
 
+    if RbacRls::Permission.all.map(&:table_name).exclude?(table_name) && migration_version.nil?
       cmd = "rails generate rbac_rls:custom_migration  #{table_name}  #{type_policies.===} #{type_options.===}"
-      system(cmd)
-      system('rake db:migrate RAILS_ENV=migrations')
+      if system(cmd) && system(Settings.run_migrate_command)
+        self.migration_version = ActiveRecord::Migrator.current_version
+      end
     end
   end
 
@@ -65,4 +60,5 @@ class RbacRls::Permission < ApplicationRecord
 
   def has_role_permission?() end
 
+
 end

data/app/models/rbac_rls/settings.rb

@@ -0,0 +1,3 @@
+module Settings
+
+end

data/app/views/rbac_rls/home/index.html.erb

@@ -1,7 +1,7 @@
 <div role="main">
   <div class="jumbotron">
     <div class="container">
-      <h1 class="display-3">RBAC RLS GEM <i class="fas fa-gem"></i></h1>
+      <h1 class="display-3">GRANAR <i class="fas fa-gem"></i></h1>
       <p>This is a GEM based on RBAC and RLS, to control users' access to information</p>
     </div>
     <hr>

data/db/migrate/20220411133054_create_rbac_rls_permissions.rb

@@ -10,6 +10,7 @@ class CreateRbacRlsPermissions < ActiveRecord::Migration[7.0]
       t.boolean :owner_read, default: false
       t.boolean :owner_change, default: false
       t.boolean :owner_remove, default: false
+      t.string :migration_version, default: nil
       t.references :permission, null: true, index: true
 
       t.timestamps

data/db/migrate/20220912104929_create_rbac_rls_group_permissions.rb

@@ -5,6 +5,7 @@ class CreateRbacRlsGroupPermissions < ActiveRecord::Migration[7.0]
       t.references :group, null: false, foreign_key: true
       t.string :table_key, null: false, limit: 60
       t.string :table_value, null: false, limit: 60
+      t.string :migration_version, default: nil
 
       t.timestamps
     end

data/db/migrate/20220914004803_create_basic_permissions_for_application_acess.rb

@@ -1,7 +1,7 @@
 class CreateBasicPermissionsForApplicationAcess < ActiveRecord::Migration[7.0]
   def change
     schema = 'public'
-    user = 'app_user'
+    user = RbacRls::Settings.application_db_user
     where_schema = ->(schema_name = nil) do
       schema_name.present? ? "WHERE table_schema  = '#{schema_name}'" : ''
     end
@@ -13,6 +13,6 @@ class CreateBasicPermissionsForApplicationAcess < ActiveRecord::Migration[7.0]
       execute "GRANT ALL PRIVILEGES on #{schema}.#{table}  TO #{user}"
     end
 
-    execute 'GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO app_user'
+    execute "GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO  #{RbacRls::Settings.application_db_user}"
   end
 end

data/lib/generators/rbac_rls/templates/group_permission_migration.rb

@@ -21,7 +21,7 @@ class Create<%= "#{"#{name}#{options[:identifier]}".camelize}" %>Gpolicy < Activ
 def change
   <%
             policy_name = ->(table_name,method) {  "p#{time_now}#{table_name}#{method}"[0,limit_policy_name] }
-  db_role = "app_user"
+  db_role = "#{RbacRls::Settings.application_db_user}"
   permission_id =  options[:permission_identifier]
   owner_rls_policy = ->(type){
     if type.to_sym != :insert
@@ -53,17 +53,18 @@ def change
       WHERE (p.\"#{type_polices[type.to_sym]}\")
       AND p.table_name = '#{gen_table_name}'
     )
-) #{owner_rls_policy[type]}  ) and  #{table_key.to_s} LIKE '%#{table_value}%'
+) #{owner_rls_policy[type]}  ) and CAST( #{table_key.to_s} AS TEXT) LIKE '%#{table_value}%'
 
   "
   }
   %>
 
     <% %i(insert select update delete).each  do |attr| %>
-  execute '<%="GRANT  #{attr} ON #{name} TO #{db_role}"%>'
-  execute '<%= "ALTER TABLE #{name} ENABLE ROW LEVEL SECURITY" %>'
+
   reversible do |dir|
     dir.up do
+      execute '<%="GRANT  #{attr} ON #{name} TO #{db_role}"%>'
+      execute '<%= "ALTER TABLE #{name} ENABLE ROW LEVEL SECURITY" %>'
       <%if  attr.to_sym  ==:insert  %>
         execute <<-SQL
           <%= "CREATE POLICY #{policy_name.(name, attr.to_sym)} ON #{name} for  #{attr.to_s} TO #{db_role} with check  (#{constraint_for_rls[attr.to_s]})" %>
@@ -74,6 +75,11 @@ def change
       SQL
       <%end%>
     end
+    dir.down do
+      execute <<-SQL
+          <%= "DROP POLICY #{policy_name.(name, attr.to_sym)} ON #{name}" %>
+      SQL
+    end
   end
   <% end %>
 

data/lib/generators/rbac_rls/templates/rls_migration.rb

@@ -18,7 +18,7 @@ class Create<%= "#{name.underscore.camelize}#{options[:permission_identifier]}"
 def change
   <%
             policy_name = ->(table_name,method) {  "p#{time_now}#{table_name}#{method}"[0,limit_policy_name] }
-  db_role = "app_user"
+  db_role =  RbacRls::Settings.application_db_user
   permission_id =  options[:permission_identifier]
   owner_rls_policy = ->(type){
     if type.to_sym != :insert
@@ -58,10 +58,11 @@ def change
 
 
     <% %i(insert select update delete).each  do |attr| %>
-  execute '<%="GRANT  #{attr} ON #{name} TO #{db_role}"%>'
-  execute '<%= "ALTER TABLE #{name} ENABLE ROW LEVEL SECURITY" %>'
+
   reversible do |dir|
     dir.up do
+      execute '<%="GRANT  #{attr} ON #{name} TO #{db_role}"%>'
+      execute '<%= "ALTER TABLE #{name} ENABLE ROW LEVEL SECURITY" %>'
       <%if  attr.to_sym  ==:insert  %>
         execute <<-SQL
           <%= "CREATE POLICY #{policy_name.(name, attr.to_sym)} ON #{name} for  #{attr.to_s} TO #{db_role} with check  (#{constraint_for_rls[attr.to_s]})" %>
@@ -72,6 +73,11 @@ def change
       SQL
       <%end%>
     end
+    dir.down do
+      execute <<-SQL
+          <%= "DROP POLICY #{policy_name.(name, attr.to_sym)} ON #{name}" %>
+      SQL
+    end
   end
   <% end %>
 

data/lib/generators/rbac_rls/templates/rls_migration.rb.erb

@@ -8,12 +8,14 @@ type_polices_owner = {insert: :owner_write,select: :owner_read,update: :owner_ch
 
 %>
 
-class Create<%= "#{name.underscore.camelize}" %>Policy<%="#{}" %> < ActiveRecord::Migration[7.0]
+class Create <%= "#{name.underscore.camelize}" %>
+  Policy <%="#{}" %> < ActiveRecord::Migration[7.0]
 
   def change
     <%
             policy_name = ->(table_name,method) {  "p#{time_now}#{table_name}#{method}"[0,limit_policy_name] }
-    db_role = "app_user"
+    db_role =  RbacRls::Settings.application_db_user
+
     permission_id =  options[:permission_identifier]
 
     constraint_for_rls = ->(type) {"
@@ -44,8 +46,8 @@ class Create<%= "#{name.underscore.camelize}" %>Policy<%="#{}" %> < ActiveRecord
     }
     %>
     <% %i(insert select update delete).each  do |attr| %>
-    execute '<%="GRANT  #{attr} ON #{name} TO #{db_role}"%>'
-    execute '<%= "ALTER TABLE #{name} ENABLE ROW LEVEL SECURITY" %>'
+    execute ' <%="GRANT  #{attr} ON #{name} TO #{db_role}"%> '
+    execute ' <%= "ALTER TABLE #{name} ENABLE ROW LEVEL SECURITY" %> '
     reversible do |dir|
       dir.up do
         <%if  attr.to_sym  ==:insert  %>
@@ -58,6 +60,11 @@ class Create<%= "#{name.underscore.camelize}" %>Policy<%="#{}" %> < ActiveRecord
         SQL
         <%end%>
       end
+      dir.down do
+        execute <<-SQL
+          <%= "DROP POLICY #{policy_name.(name, attr.to_sym)} ON #{name}" %>
+        SQL
+      end
     end
     <% end %>
   end

data/lib/generators/rbac_rls/templates/rls_migration2.rb.erb

@@ -17,7 +17,8 @@ class Create<%= "#{name.underscore.camelize}#{options[:permission_identifier]}"
   def change
     <%
             policy_name = ->(table_name,method) {  "p#{time_now}#{table_name}#{method}"[0,limit_policy_name] }
-    db_role = "app_user"
+    db_role =  RbacRls::Settings.application_db_user
+
     permission_id =  options[:permission_identifier]
     owner_rls_policy = ->(type){
       if type.to_sym != :insert

data/lib/rbac_rls/engine.rb

@@ -10,6 +10,7 @@ require 'vanilla_nested/view_helpers'
 
 module RbacRls
   class Engine < ::Rails::Engine
+
     isolate_namespace RbacRls
 
     # initializer "rbac_rls.precompile" do |app|

data/lib/rbac_rls/version.rb

@@ -1,3 +1,3 @@
 module RbacRls
-  VERSION = "0.1.0"
+  VERSION = "0.1.2"
 end

data/lib/rbac_rls.rb

@@ -2,5 +2,17 @@ require "rbac_rls/version"
 require "rbac_rls/engine"
 
 module RbacRls
-  # Your code goes here...
+  module Settings
+    def self.run_migrate_command
+      "rake db:migrate RAILS_ENV=migrations"
+    end
+
+    def self.down_migrate_command(version = nil)
+      "rake db:migrate:down VERSION=#{version} RAILS_ENV=migrations"
+    end
+
+    def self.application_db_user
+      "app_user"
+    end
+  end
 end

data/lib/tasks/rbac_rls_tasks.rake

@@ -1,4 +1,55 @@
-# desc "Explaining what the task does"
-# task :rbac_rls do
-#   # Task goes here
-# end
+desc "Explaining what the task does"
+task :rbac_rls do
+  #frozen_string_literal: true
+
+  desc 'Uninstall gem'
+
+  task :uninstall_gem => :environment do
+    cmds = ['ALTER TABLE products DISABLE ROW LEVEL SECURITY']
+    permissions = RbacRls::Permission.all.map(&:migration_version)
+    basic_permissions = ["20220411125339",
+                         "20220912104712",
+                         "20220411125613",
+                         "20220912104929",
+                         "20220411133054",
+                         "20220914004802",
+                         "20220425212731",
+                         "20220914004803",]
+
+
+    create_rbac_rls_roles.rbac_rls.rb from rbac_rls
+    create_rbac_rls_user_roles.rbac_rls.rb from rbac_rls
+    create_rbac_rls_permissions.rbac_rls.rb from rbac_rls
+    create_role_permissions.rbac_rls.rb from rbac_rls
+    create_rbac_rls_groups.rbac_rls.rb from rbac_rls
+    create_rbac_rls_group_permissions.rbac_rls.rb from rbac_rls
+    create_rbac_rls_group_users.rbac_rls.rb from rbac_rls
+    create_basic_permissions_for_application_acess.rbac_rls.rb
+    versions = permissions + basic_permissions
+    for migration in versions
+      system(RbacRls::Settings.down_migrate_command(migration))
+      delete_file(get_migration_file_path(migration))
+    end
+
+    for cmd in cmds
+      ActiveRecord::Base.connection.execute(cmd)
+    end
+
+  end
+
+  def get_migration_file_path(file_name = migration_version)
+    path = Rails.root.join('db', 'migrate', "#{file_name}*").to_s
+    file_path = Dir[path]&.first
+    file_path.to_s
+  end
+
+  def delete_file(path)
+    deleted = false
+    if File.exist?(path)
+      File.delete(path)
+      deleted = !File.exist?(path)
+    end
+    deleted
+  end
+
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rbac_rls
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.2
 platform: ruby
 authors:
 - FilipeBeserraMaia
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-09-29 00:00:00.000000000 Z
+date: 2022-10-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -66,20 +66,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: byebug
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 description: Description of RbacRls.
 email:
 - filipeifgcc@gmail.com
@@ -94,6 +80,7 @@ files:
 - app/assets/javascripts/rbac_rls/application.js
 - app/assets/stylesheets/rbac_rls/application.css.scss
 - app/controllers/concerns/connection_rls_user_concern.rb
+- app/controllers/concerns/helper_methods_permission.rb
 - app/controllers/rbac_rls/application_controller.rb
 - app/controllers/rbac_rls/groups_controller.rb
 - app/controllers/rbac_rls/home_controller.rb
@@ -106,6 +93,7 @@ files:
 - app/jobs/rbac_rls/application_job.rb
 - app/mailers/rbac_rls/application_mailer.rb
 - app/models/concerns/connection_rls_concern.rb
+- app/models/concerns/manage_rls_migration_concern.rb
 - app/models/rbac_rls/application_record.rb
 - app/models/rbac_rls/group.rb
 - app/models/rbac_rls/group_permission.rb
@@ -113,6 +101,7 @@ files:
 - app/models/rbac_rls/permission.rb
 - app/models/rbac_rls/role.rb
 - app/models/rbac_rls/role_permission.rb
+- app/models/rbac_rls/settings.rb
 - app/models/rbac_rls/user_role.rb
 - app/views/layouts/rbac_rls/application.html.erb
 - app/views/rbac_rls/groups/_form.html.erb
@@ -142,7 +131,6 @@ files:
 - config/assets.rb
 - config/importmap.rb
 - config/routes.rb
-- config/setup.rb
 - db/migrate/20220411125339_create_rbac_rls_roles.rb
 - db/migrate/20220411125613_create_rbac_rls_user_roles.rb
 - db/migrate/20220411133054_create_rbac_rls_permissions.rb
@@ -162,12 +150,12 @@ files:
 - lib/rbac_rls/engine.rb
 - lib/rbac_rls/version.rb
 - lib/tasks/rbac_rls_tasks.rake
-homepage: https://rubygems.org/rbac_rls
+homepage: https://rubygems.org/granar
 licenses:
 - MIT
 metadata:
   allowed_push_host: https://rubygems.org/
-  homepage_uri: https://rubygems.org/rbac_rls
+  homepage_uri: https://rubygems.org/granar
   source_code_uri: https://gitlab.com/FilipeBeserraMaia/rbac_rls
   changelog_uri: https://gitlab.com/FilipeBeserraMaia/rbac_rls
 post_install_message: