super_auth 0.1.4 → 0.2.0

data/lib/super_auth/active_record/by_current_user.rb

@@ -0,0 +1,39 @@
+module SuperAuth::ActiveRecord::ByCurrentUser
+  def self.included(base)
+    base.has_many :super_auth_authorizations
+
+    base.send(:default_scope, **{all_queries: true}) do
+      raise "SuperAuth.current_user not set" if SuperAuth.current_user.blank?
+
+      if SuperAuth.current_user.respond_to?(:system?) && SuperAuth.current_user.system?
+        self
+      else
+        user_where =
+        if SuperAuth.current_user.is_a?(SuperAuth::ActiveRecord::User)
+          { user_id: SuperAuth.current_user.id }
+        else
+          { user_external_id: SuperAuth.current_user.id, user_external_type: SuperAuth.current_user.class.name }
+        end
+
+        resource_where =
+        if try(:id)
+          { resource_external_id: self.id, resource_external_type: self.class.name }
+        else
+          { resource_external_type: self.model.name }
+        end
+
+        # Important:
+        # We use a subquery here instead of a inner join because we don't want
+        # to potentially affect break on queries issue count queries in their app.
+        where(
+          id: SuperAuth::ActiveRecord::Authorization
+              .where(**user_where, **resource_where)
+              .select(:resource_id))
+      end
+    end
+  end
+
+  module ClassMethods
+  end
+
+end

data/lib/super_auth/active_record/edge.rb

@@ -0,0 +1,48 @@
+class SuperAuth::ActiveRecord::Edge < ActiveRecord::Base
+  self.table_name = 'super_auth_edges'
+  belongs_to :user, class_name: 'SuperAuth::ActiveRecord::User', optional: true
+  belongs_to :group, class_name: 'SuperAuth::ActiveRecord::Group', optional: true
+  belongs_to :permission, class_name: 'SuperAuth::ActiveRecord::Permission', optional: true
+  belongs_to :role, class_name: 'SuperAuth::ActiveRecord::Role', optional: true
+  belongs_to :resource, class_name: 'SuperAuth::ActiveRecord::Resource', optional: true
+
+  class << self
+    def authorizations
+      from("(#{
+        SuperAuth::Edge.authorizations.sql
+        }) as super_auth_edges".squish
+      )
+    end
+
+    def users_resources
+      SuperAuth::ActiveRecord::Edge.from(
+        %Q[(#{SuperAuth::Edge.users_resources.sql}) as super_auth_edges]
+      )
+    end
+
+    def users_groups_roles_permissions_resources
+      SuperAuth::ActiveRecord::Edge.from(
+        %Q[(#{SuperAuth::Edge.users_groups_roles_permissions_resources.sql}) as super_auth_edges]
+      )
+    end
+
+    def users_groups_permissions_resources
+      SuperAuth::ActiveRecord::Edge.from(
+        %Q[(#{SuperAuth::Edge.users_groups_permissions_resources.sql}) as super_auth_edges]
+      )
+    end
+
+    def users_roles_permissions_resources
+      SuperAuth::ActiveRecord::Edge.from(
+        %Q[(#{SuperAuth::Edge.users_roles_permissions_resources.sql}) as super_auth_edges]
+      )
+    end
+
+    def users_permissions_resources
+      SuperAuth::ActiveRecord::Edge.from(
+        %Q[(#{SuperAuth::Edge.users_permissions_resources.sql}) as super_auth_edges]
+      )
+    end
+  end
+
+end

data/lib/super_auth/active_record/group.rb

@@ -0,0 +1,10 @@
+class SuperAuth::ActiveRecord::Group < ActiveRecord::Base
+  self.table_name = 'super_auth_groups'
+
+  belongs_to :parent, class_name: 'SuperAuth::ActiveRecord::Group', optional: true
+
+  def descendants_dataset
+    sql = SuperAuth::Group.new(id: self.id, parent_id: self.parent_id).descendants_dataset.sql
+    self.class.from(%Q[(#{sql}) as super_auth_groups])
+  end
+end

data/lib/super_auth/active_record/permission.rb

@@ -0,0 +1,7 @@
+class SuperAuth::ActiveRecord::Permission < ActiveRecord::Base
+  self.table_name = 'super_auth_permissions'
+
+  has_many :edges, class_name: 'SuperAuth::ActiveRecord::Edge'
+  scope :with_edges, -> { joins(:edges) }
+  scope :with_roles, -> { from(%Q[(#{SuperAuth::Permission.with_roles.sql}) as super_auth_permissions]) }
+end

data/lib/super_auth/active_record/resource.rb

@@ -0,0 +1,4 @@
+class SuperAuth::ActiveRecord::Resource < ActiveRecord::Base
+  self.table_name = 'super_auth_resources'
+  belongs_to :external, polymorphic: true, optional: true
+end

data/lib/super_auth/active_record/role.rb

@@ -0,0 +1,10 @@
+class SuperAuth::ActiveRecord::Role < ActiveRecord::Base
+  self.table_name = 'super_auth_roles'
+
+  belongs_to :parent, class_name: 'SuperAuth::ActiveRecord::Role', optional: true
+
+  def descendants_dataset
+    sql = SuperAuth::Role.new(id: self.id, parent_id: self.parent_id).descendants_dataset.sql
+    self.class.from(%Q[(#{sql}) as super_auth_roles])
+  end
+end

data/lib/super_auth/active_record/user.rb

@@ -0,0 +1,14 @@
+class SuperAuth::ActiveRecord::User < ActiveRecord::Base
+  self.table_name = 'super_auth_users'
+
+  belongs_to :external, polymorphic: true, optional: true
+
+  def model_name = ActiveModel::Name.new(:user)
+
+  def system? = self.class.system == self
+  def self.system = find_or_create_by(name: "system")
+
+  has_many :edges, class_name: 'SuperAuth::ActiveRecord::Edge'
+  scope :with_edges, -> { joins(:edges) }
+  scope :with_groups, -> { from(%Q[(#{SuperAuth::User.with_groups.sql}) as super_auth_users]) }
+end

data/lib/super_auth/active_record.rb

@@ -0,0 +1,20 @@
+require "active_record"
+module SuperAuth::ActiveRecord
+end
+
+class ActiveRecord::Base
+  class << self
+    def super_auth
+      include SuperAuth::ActiveRecord::ByCurrentUser
+    end
+  end
+end
+
+require "super_auth/active_record/authorization"
+require "super_auth/active_record/by_current_user"
+require "super_auth/active_record/edge"
+require "super_auth/active_record/group"
+require "super_auth/active_record/permission"
+require "super_auth/active_record/resource"
+require "super_auth/active_record/role"
+require "super_auth/active_record/user"

data/lib/super_auth/authorization.rb

@@ -0,0 +1,2 @@
+class SuperAuth::Authorization < Sequel::Model(:super_auth_authorizations)
+end

data/lib/super_auth/edge.rb

@@ -1,4 +1,6 @@
 class SuperAuth::Edge < Sequel::Model(:super_auth_edges)
+  plugin :dirty
+
   many_to_one :user
   many_to_one :group
   many_to_one :permission
@@ -6,19 +8,42 @@ class SuperAuth::Edge < Sequel::Model(:super_auth_edges)
   many_to_one :resource
 
   class << self
+    def string_cast_type
+      case SuperAuth.db.database_type
+      when :mysql, :mysql2
+        :char
+      else
+        :text
+      end
+    end
+
+    def integer_cast_type
+      case SuperAuth.db.database_type
+      when :mysql, :mysql2
+        :signed
+      else
+        :bigint
+      end
+    end
 
     def authorizations
       users_groups_roles_permissions_resources
         .union(users_roles_permissions_resources)
         .union(users_groups_permissions_resources)
         .union(users_permissions_resources)
+        .union(users_resources)
     end
 
     def users_groups_roles_permissions_resources
-      users_groups_roles_ds = SuperAuth::User.join(:super_auth_edges, user_id: :id).select_all(:super_auth_users).join(SuperAuth::Group.from(SuperAuth::Group.trees).as(:groups), id: :group_id).select(
+      cast_type = string_cast_type
+      users_groups_roles_ds = SuperAuth::User.join(:super_auth_edges, user_id: :id).
+        select_all(:super_auth_users).
+        join(SuperAuth::Group.from(SuperAuth::Group.trees).as(:groups), Sequel.function(:concat, ',', Sequel[:groups][:group_path], ',').like(Sequel.function(:concat, '%,', Sequel[:groups][:id], ',%'))).
+      select(
         Sequel[:super_auth_users][:id].as(:user_id),
         Sequel[:super_auth_users][:name].as(:user_name),
         Sequel[:super_auth_users][:external_id].as(:user_external_id),
+        Sequel[:super_auth_users][:external_type].as(:user_external_type),
         Sequel[:super_auth_users][:created_at].as(:user_created_at),
         Sequel[:super_auth_users][:updated_at].as(:user_updated_at),
         Sequel[:groups][:id].as(:group_id),
@@ -31,8 +56,8 @@ class SuperAuth::Edge < Sequel::Model(:super_auth_edges)
         Sequel[:groups][:group_path],
         Sequel[:groups][:group_name_path],
         Sequel[:groups][:parent_id],
-        Sequel[:groups][:created_at].as(:group_created_at),
-        Sequel[:groups][:updated_at].as(:group_updated_at),
+        Sequel[:groups][:created_at].cast(cast_type).as(:group_created_at),
+        Sequel[:groups][:updated_at].cast(cast_type).as(:group_updated_at),
       ).join(Sequel[:super_auth_edges].as(:group_role_edges), Sequel[:group_role_edges][:group_id] => Sequel[:groups][:id]).select_append(
         Sequel[:group_role_edges][:id].as(:group_role_edge_id),
         Sequel[:group_role_edges][:permission_id].as(:group_role_edge_permission_id),
@@ -43,7 +68,7 @@ class SuperAuth::Edge < Sequel::Model(:super_auth_edges)
 
       SuperAuth::Edge.from(
         SuperAuth::Edge.from(
-          SuperAuth::Group.cte(SuperAuth::Group.where(id: users_groups_roles_ds.select(Sequel[:groups][:id])).select(:id)).select { [id.as(:group_id), name.as(:group_name), parent_id.as(:group_parent_id), group_path, group_name_path, created_at.as(:group_created_at), updated_at.as(:group_updated_at)] },
+          SuperAuth::Group.cte(SuperAuth::Group.where(id: users_groups_roles_ds.select(Sequel[:groups][:id])).select(:id)).select { [id.as(:group_id), name.as(:group_name), parent_id.as(:group_parent_id), group_path, group_name_path, created_at.cast(cast_type).as(:group_created_at), updated_at.as(:group_updated_at)] },
           SuperAuth::Role.cte(users_groups_roles_ds.select(Sequel[:group_role_edges][:role_id])).select { [id.as(:role_id), name.as(:role_name), parent_id.as(:role_parent_id), role_path, role_name_path, created_at.as(:role_created_at), updated_at.as(:role_updated_at) ] }
         ).as(:users_groups_roles_permissions_resources)
       ).join(Sequel[:super_auth_edges].as(:user_edges), Sequel[:user_edges][:group_id] => Sequel[:users_groups_roles_permissions_resources][:group_id])
@@ -52,33 +77,35 @@ class SuperAuth::Edge < Sequel::Model(:super_auth_edges)
           Sequel[:super_auth_users][:id].as(:user_id),
           Sequel[:super_auth_users][:name].as(:user_name),
           Sequel[:super_auth_users][:external_id].as(:user_external_id),
-          Sequel[:super_auth_users][:created_at].cast(:text).as(:user_created_at),
-          Sequel[:super_auth_users][:updated_at].cast(:text).as(:user_updated_at),
+          Sequel[:super_auth_users][:external_type].as(:user_external_type),
+          Sequel[:super_auth_users][:created_at].cast(cast_type).as(:user_created_at),
+          Sequel[:super_auth_users][:updated_at].cast(cast_type).as(:user_updated_at),
 
           Sequel[:users_groups_roles_permissions_resources][:group_id],
           Sequel[:users_groups_roles_permissions_resources][:group_name],
           Sequel[:users_groups_roles_permissions_resources][:group_path],
           Sequel[:users_groups_roles_permissions_resources][:group_name_path],
           Sequel[:users_groups_roles_permissions_resources][:group_parent_id],
-          Sequel[:users_groups_roles_permissions_resources][:group_created_at].cast(:text),
-          Sequel[:users_groups_roles_permissions_resources][:group_updated_at].cast(:text),
+          Sequel[:users_groups_roles_permissions_resources][:group_created_at].cast(cast_type).as(:group_created_at),
+          Sequel[:users_groups_roles_permissions_resources][:group_updated_at].cast(cast_type).as(:group_updated_at),
 
           Sequel[:users_groups_roles_permissions_resources][:role_id],
           Sequel[:users_groups_roles_permissions_resources][:role_name],
           Sequel[:users_groups_roles_permissions_resources][:role_path],
           Sequel[:users_groups_roles_permissions_resources][:role_name_path],
           Sequel[:users_groups_roles_permissions_resources][:role_parent_id],
-          Sequel[:users_groups_roles_permissions_resources][:role_created_at].cast(:text),
-          Sequel[:users_groups_roles_permissions_resources][:role_updated_at].cast(:text),
+          Sequel[:users_groups_roles_permissions_resources][:role_created_at].cast(cast_type).as(:role_created_at),
+          Sequel[:users_groups_roles_permissions_resources][:role_updated_at].cast(cast_type).as(:role_updated_at),
 
           Sequel[:super_auth_permissions][:id].as(:permission_id),
           Sequel[:super_auth_permissions][:name].as(:permission_name),
-          Sequel[:super_auth_permissions][:created_at].cast(:text).as(:permission_created_at),
-          Sequel[:super_auth_permissions][:updated_at].cast(:text).as(:permission_updated_at),
+          Sequel[:super_auth_permissions][:created_at].cast(cast_type).as(:permission_created_at),
+          Sequel[:super_auth_permissions][:updated_at].cast(cast_type).as(:permission_updated_at),
 
           Sequel[:super_auth_resources][:id].as(:resource_id),
           Sequel[:super_auth_resources][:name].as(:resource_name),
-          Sequel[:super_auth_resources][:external_id].as(:resource_external_id)
+          Sequel[:super_auth_resources][:external_id].as(:resource_external_id),
+          Sequel[:super_auth_resources][:external_type].as(:resource_external_type)
         )
        .join(Sequel[:super_auth_edges].as(:permission_edges), Sequel[:permission_edges][:role_id] => Sequel[:users_groups_roles_permissions_resources][:role_id])
        .join(Sequel[:super_auth_permissions], id: Sequel[:permission_edges][:permission_id])
@@ -88,132 +115,218 @@ class SuperAuth::Edge < Sequel::Model(:super_auth_edges)
     end
 
     def users_groups_permissions_resources
-      SuperAuth::User.
+      cast_type = string_cast_type
+      # Join users to their group via edges, then to the group CTE to get the user's group_path.
+      # Use group_path to find all ancestor groups (any group whose id appears in the user's group_path).
+      # Then join permission edges on those ancestor groups.
+      SuperAuth::User.db[:super_auth_users].
         join(Sequel[:super_auth_edges].as(:user_edges), user_id: :id).
-        join(SuperAuth::Group.from(SuperAuth::Group.trees).as(:groups), id: :group_id).
+        join(SuperAuth::Group.from(SuperAuth::Group.trees).as(:user_groups), Sequel[:user_groups][:id] => Sequel[:user_edges][:group_id]).
+        join(Sequel[:super_auth_edges].as(:group_edges),
+          Sequel.function(:concat, ',', Sequel[:user_groups][:group_path], ',').like(
+            Sequel.function(:concat, '%,', Sequel[:group_edges][:group_id].cast(cast_type), ',%')
+          )
+        ).
+        join(Sequel[:super_auth_permissions], id: Sequel[:group_edges][:permission_id]).
+        join(Sequel[:super_auth_edges].as(:permission_edges), Sequel[:permission_edges][:permission_id] => Sequel[:super_auth_permissions][:id]).
+        join(Sequel[:super_auth_resources], id: Sequel[:permission_edges][:resource_id]).
         select(
           Sequel[:super_auth_users][:id].as(:user_id),
           Sequel[:super_auth_users][:name].as(:user_name),
           Sequel[:super_auth_users][:external_id].as(:user_external_id),
-          Sequel[:super_auth_users][:created_at].cast(:text).as(:user_created_at),
-          Sequel[:super_auth_users][:updated_at].cast(:text).as(:user_updated_at),
-
-          Sequel[:groups][:id].as(:group_id),
-          Sequel[:groups][:name].as(:group_name),
-          Sequel[:groups][:group_path],
-          Sequel[:groups][:group_name_path],
-          Sequel[:groups][:parent_id].as(:group_parent_id),
-          Sequel[:groups][:created_at].cast(:text).as(:group_created_at),
-          Sequel[:groups][:updated_at].cast(:text).as(:group_updated_at),
-
-          Sequel.lit(%[0 as "role_id"]),          # Sequel[:roles][:id].as(:role_id),
-          Sequel::NULL.as(:role_name),            # Sequel[:roles][:name].as(:role_name),
-          Sequel::NULL.as(:role_path),            # Sequel[:roles][:role_path],
-          Sequel::NULL.as(:role_name_path),       # Sequel[:roles][:role_name_path].as(:role_name_path),
-          Sequel::lit(%Q[0 as "role_parent_id"]), # Sequel[:roles][:parent_id].as(:role_parent_id),
-          Sequel::NULL.as(:role_created_at),      # Sequel[:roles][:created_at].as(:role_created_at),
-          Sequel::NULL.as(:role_updated_at),      # Sequel[:roles][:updated_at].as(:role_updated_at),
+          Sequel[:super_auth_users][:external_type].as(:user_external_type),
+          Sequel[:super_auth_users][:created_at].cast(cast_type).as(:user_created_at),
+          Sequel[:super_auth_users][:updated_at].cast(cast_type).as(:user_updated_at),
+
+          Sequel[:user_groups][:id].as(:group_id),
+          Sequel[:user_groups][:name].as(:group_name),
+          Sequel[:user_groups][:group_path],
+          Sequel[:user_groups][:group_name_path],
+          Sequel[:user_groups][:parent_id].as(:group_parent_id),
+          Sequel[:user_groups][:created_at].cast(cast_type).as(:group_created_at),
+          Sequel[:user_groups][:updated_at].cast(cast_type).as(:group_updated_at),
+
+          Sequel.cast(nil, integer_cast_type).as(:role_id),
+          Sequel.cast(nil, string_cast_type).as(:role_name),
+          Sequel.cast(nil, string_cast_type).as(:role_path),
+          Sequel.cast(nil, string_cast_type).as(:role_name_path),
+          Sequel.cast(nil, integer_cast_type).as(:role_parent_id),
+          Sequel.cast(nil, string_cast_type).as(:role_created_at),
+          Sequel.cast(nil, string_cast_type).as(:role_updated_at),
 
           Sequel[:super_auth_permissions][:id].as(:permission_id),
           Sequel[:super_auth_permissions][:name].as(:permission_name),
-          Sequel[:super_auth_permissions][:created_at].cast(:text).as(:permission_created_at),
-          Sequel[:super_auth_permissions][:updated_at].cast(:text).as(:permission_updated_at),
+          Sequel[:super_auth_permissions][:created_at].cast(cast_type).as(:permission_created_at),
+          Sequel[:super_auth_permissions][:updated_at].cast(cast_type).as(:permission_updated_at),
 
           Sequel[:super_auth_resources][:id].as(:resource_id),
           Sequel[:super_auth_resources][:name].as(:resource_name),
           Sequel[:super_auth_resources][:external_id].as(:resource_external_id),
+          Sequel[:super_auth_resources][:external_type].as(:resource_external_type),
         ).
-        join(Sequel[:super_auth_edges].as(:permission_edges), Sequel[:permission_edges][:group_id] => Sequel[:groups][:id]).
-        join(Sequel[:super_auth_permissions], id: Sequel[:permission_edges][:permission_id]).
-        join(Sequel[:super_auth_edges].as(:resource_edges), Sequel[:resource_edges][:permission_id] => Sequel[:super_auth_permissions][:id]).
-        join(Sequel[:super_auth_resources], id: Sequel[:resource_edges][:resource_id]).
         distinct
     end
 
     def users_roles_permissions_resources
+      cast_type = string_cast_type
+
+      # Step 1: Find which roles users are directly linked to via edges
+      user_role_ids_ds = SuperAuth::Edge.where(Sequel.~(user_id: nil) & Sequel.~(role_id: nil)).select(:role_id)
+
+      # Step 2: Expand those roles to all descendants via CTE
+      role_cte = SuperAuth::Role.cte(user_role_ids_ds).select {
+        [id.as(:role_id), name.as(:role_name), parent_id.as(:role_parent_id), role_path, role_name_path, created_at.as(:role_created_at), updated_at.as(:role_updated_at)]
+      }
+
+      # Step 3: Build the query from the expanded role tree
+      SuperAuth::Edge.from(role_cte.as(:users_roles_permissions_resources)).
+      # Join user_edges — match users who link to any role in the expanded CTE
+      # The user's edge links to an ancestor role, but the CTE path contains that ancestor
+      # We use the role_path to check: the role_path of the CTE row starts with the user's linked role
+      join(Sequel[:super_auth_edges].as(:user_edges),
+        Sequel.function(:concat, ',', Sequel[:users_roles_permissions_resources][:role_path], ',').like(
+          Sequel.function(:concat, '%,', Sequel[:user_edges][:role_id].cast(cast_type), ',%')
+        )
+      ).
+      where(Sequel.~(Sequel[:user_edges][:user_id] => nil) & Sequel.~(Sequel[:user_edges][:role_id] => nil)).
+      join(Sequel[:super_auth_users], id: Sequel[:user_edges][:user_id]).
+      select(
+        Sequel[:super_auth_users][:id].as(:user_id),
+        Sequel[:super_auth_users][:name].as(:user_name),
+        Sequel[:super_auth_users][:external_id].as(:user_external_id),
+        Sequel[:super_auth_users][:external_type].as(:user_external_type),
+        Sequel[:super_auth_users][:created_at].cast(cast_type).as(:user_created_at),
+        Sequel[:super_auth_users][:updated_at].cast(cast_type).as(:user_updated_at),
+
+        Sequel.cast(nil, integer_cast_type).as(:group_id),
+        Sequel.cast(nil, string_cast_type).as(:group_name),
+        Sequel.cast(nil, string_cast_type).as(:group_path),
+        Sequel.cast(nil, string_cast_type).as(:group_name_path),
+        Sequel.cast(nil, integer_cast_type).as(:group_parent_id),
+        Sequel.cast(nil, string_cast_type).as(:group_created_at),
+        Sequel.cast(nil, string_cast_type).as(:group_updated_at),
+
+        Sequel[:users_roles_permissions_resources][:role_id],
+        Sequel[:users_roles_permissions_resources][:role_name],
+        Sequel[:users_roles_permissions_resources][:role_path],
+        Sequel[:users_roles_permissions_resources][:role_name_path],
+        Sequel[:users_roles_permissions_resources][:role_parent_id],
+        Sequel[:users_roles_permissions_resources][:role_created_at].cast(cast_type).as(:role_created_at),
+        Sequel[:users_roles_permissions_resources][:role_updated_at].cast(cast_type).as(:role_updated_at),
+
+        Sequel[:super_auth_permissions][:id].as(:permission_id),
+        Sequel[:super_auth_permissions][:name].as(:permission_name),
+        Sequel[:super_auth_permissions][:created_at].cast(cast_type).as(:permission_created_at),
+        Sequel[:super_auth_permissions][:updated_at].cast(cast_type).as(:permission_updated_at),
+
+        Sequel[:super_auth_resources][:id].as(:resource_id),
+        Sequel[:super_auth_resources][:name].as(:resource_name),
+        Sequel[:super_auth_resources][:external_id].as(:resource_external_id),
+        Sequel[:super_auth_resources][:external_type].as(:resource_external_type),
+      ).
+      # Join permission and resource edges on the expanded role
+      join(Sequel[:super_auth_edges].as(:permission_edges), Sequel[:permission_edges][:role_id] => Sequel[:users_roles_permissions_resources][:role_id]).
+      join(Sequel[:super_auth_permissions], id: Sequel[:permission_edges][:permission_id]).
+      join(Sequel[:super_auth_edges].as(:resource_edges), Sequel[:resource_edges][:permission_id] => Sequel[:super_auth_permissions][:id]).
+      join(Sequel[:super_auth_resources], id: Sequel[:resource_edges][:resource_id]).
+      distinct
+    end
+
+    def users_permissions_resources
+      cast_type = string_cast_type
       SuperAuth::User.
         join(Sequel[:super_auth_edges].as(:user_edges), user_id: :id).
-        join(SuperAuth::Role.from(SuperAuth::Role.trees).as(:roles), id: :role_id).
         select(
           Sequel[:super_auth_users][:id].as(:user_id),
           Sequel[:super_auth_users][:name].as(:user_name),
           Sequel[:super_auth_users][:external_id].as(:user_external_id),
-          Sequel[:super_auth_users][:created_at].cast(:text).as(:user_created_at),
-          Sequel[:super_auth_users][:updated_at].cast(:text).as(:user_updated_at),
-
-          Sequel.lit(%Q[0 as "group_id"]),                                       # Sequel[:super_auth_groups][:group_id],
-          Sequel::NULL.as(:group_name),                                          # Sequel[:super_auth_groups][:group_name],
-          Sequel::NULL.as(:group_path),                                          # Sequel[:super_auth_groups][:group_path],
-          Sequel::NULL.as(:group_name_path),                                     # Sequel[:super_auth_groups][:group_name_path],
-          Sequel.lit(%Q[0 as "group_parent_id"]),                                # Sequel[:super_auth_groups][:group_parent_id],
-          Sequel.lit(%Q['1970-01-01 00:00:00.000000-00' as "group_created_at"]), # Sequel[:super_auth_groups][:group_created_at],
-          Sequel.lit(%Q['1970-01-01 00:00:00.000000-00' as "group_updated_at"]), # Sequel[:super_auth_groups][:group_updated_at],
-
-          Sequel[:roles][:id].as(:role_id),
-          Sequel[:roles][:name].as(:role_name),
-          Sequel[:roles][:role_path],
-          Sequel[:roles][:role_name_path].as(:role_name_path),
-          Sequel[:roles][:parent_id].as(:role_parent_id),
-          Sequel[:roles][:created_at].cast(:text).as(:role_created_at),
-          Sequel[:roles][:updated_at].cast(:text).as(:role_updated_at),
+          Sequel[:super_auth_users][:external_type].as(:user_external_type),
+          Sequel[:super_auth_users][:created_at].cast(cast_type).as(:user_created_at),
+          Sequel[:super_auth_users][:updated_at].cast(cast_type).as(:user_updated_at),
+
+          Sequel.cast(nil, integer_cast_type).as(:group_id),
+          Sequel.cast(nil, string_cast_type).as(:group_name),
+          Sequel.cast(nil, string_cast_type).as(:group_path),
+          Sequel.cast(nil, string_cast_type).as(:group_name_path),
+          Sequel.cast(nil, integer_cast_type).as(:group_parent_id),
+          Sequel.cast(nil, string_cast_type).as(:group_created_at),
+          Sequel.cast(nil, string_cast_type).as(:group_updated_at),
+
+          Sequel.cast(nil, integer_cast_type).as(:role_id),
+          Sequel.cast(nil, string_cast_type).as(:role_name),
+          Sequel.cast(nil, string_cast_type).as(:role_path),
+          Sequel.cast(nil, string_cast_type).as(:role_name_path),
+          Sequel.cast(nil, integer_cast_type).as(:role_parent_id),
+          Sequel.cast(nil, string_cast_type).as(:role_created_at),
+          Sequel.cast(nil, string_cast_type).as(:role_updated_at),
 
           Sequel[:super_auth_permissions][:id].as(:permission_id),
           Sequel[:super_auth_permissions][:name].as(:permission_name),
-          Sequel[:super_auth_permissions][:created_at].cast(:text).as(:permission_created_at),
-          Sequel[:super_auth_permissions][:updated_at].cast(:text).as(:permission_updated_at),
+          Sequel[:super_auth_permissions][:created_at].cast(cast_type).as(:permission_created_at),
+          Sequel[:super_auth_permissions][:updated_at].cast(cast_type).as(:permission_updated_at),
 
           Sequel[:super_auth_resources][:id].as(:resource_id),
           Sequel[:super_auth_resources][:name].as(:resource_name),
           Sequel[:super_auth_resources][:external_id].as(:resource_external_id),
-      ).
-      join(Sequel[:super_auth_edges].as(:permission_edges), Sequel[:permission_edges][:role_id] => Sequel[:roles][:id]).
+          Sequel[:super_auth_resources][:external_type].as(:resource_external_type)
+        ).
+      join(Sequel[:super_auth_edges].as(:permission_edges), Sequel[:permission_edges][:user_id] => Sequel[:super_auth_users][:id]).
       join(Sequel[:super_auth_permissions], id: Sequel[:permission_edges][:permission_id]).
       join(Sequel[:super_auth_edges].as(:resource_edges), Sequel[:resource_edges][:permission_id] => Sequel[:super_auth_permissions][:id]).
       join(Sequel[:super_auth_resources], id: Sequel[:resource_edges][:resource_id]).
       distinct
     end
 
-    def users_permissions_resources
+    def users_resources
+      cast_type = string_cast_type
       SuperAuth::User.
         join(Sequel[:super_auth_edges].as(:user_edges), user_id: :id).
         select(
           Sequel[:super_auth_users][:id].as(:user_id),
           Sequel[:super_auth_users][:name].as(:user_name),
           Sequel[:super_auth_users][:external_id].as(:user_external_id),
-          Sequel[:super_auth_users][:created_at].cast(:text).as(:user_created_at),
-          Sequel[:super_auth_users][:updated_at].cast(:text).as(:user_updated_at),
-
-          Sequel.lit(%Q[0 as "group_id"]),      # Sequel[:groups][:group_id],
-          Sequel::NULL.as(:group_name),       # Sequel[:groups][:group_name],
-          Sequel::NULL.as(:group_path),       # Sequel[:groups][:group_path],
-          Sequel::NULL.as(:group_name_path),  # Sequel[:groups][:group_name_path],
-          Sequel.lit(%Q[0 as "group_parent_id"]),      # Sequel[:groups][:group_id],
-          Sequel.lit(%Q['1970-01-01 00:00:00.000000-00' as "group_created_at"]), # Sequel[:groups][:group_created_at],
-          Sequel.lit(%Q['1970-01-01 00:00:00.000000-00' as "group_updated_at"]), # Sequel[:groups][:group_updated_at],
-
-
-          Sequel.lit(%Q[0 as "role_id"]),        # Sequel[:roles][:role_id],
-          Sequel::NULL.as(:role_name),           # Sequel[:roles][:role_name],
-          Sequel::NULL.as(:role_path),           # Sequel[:roles][:role_path],
-          Sequel::NULL.as(:role_name_path),      # Sequel[:roles][:role_name_path],
-          Sequel.lit(%Q[0 as "role_parent_id"]), # Sequel[:roles][:role_parent_id],
-          Sequel::NULL.as(:role_created_at),     # Sequel[:roles][:role_created_at],
-          Sequel::NULL.as(:role_updated_at),     # Sequel[:roles][:role_updated_at],
+          Sequel[:super_auth_users][:external_type].as(:user_external_type),
+          Sequel[:super_auth_users][:created_at].cast(cast_type).as(:user_created_at),
+          Sequel[:super_auth_users][:updated_at].cast(cast_type).as(:user_updated_at),
 
-          Sequel[:super_auth_permissions][:id].as(:permission_id),
-          Sequel[:super_auth_permissions][:name].as(:permission_name),
-          Sequel[:super_auth_permissions][:created_at].cast(:text).as(:permission_created_at),
-          Sequel[:super_auth_permissions][:updated_at].cast(:text).as(:permission_updated_at),
+          Sequel.cast(nil, integer_cast_type).as(:group_id),
+          Sequel.cast(nil, string_cast_type).as(:group_name),
+          Sequel.cast(nil, string_cast_type).as(:group_path),
+          Sequel.cast(nil, string_cast_type).as(:group_name_path),
+          Sequel.cast(nil, integer_cast_type).as(:group_parent_id),
+          Sequel.cast(nil, string_cast_type).as(:group_created_at),
+          Sequel.cast(nil, string_cast_type).as(:group_updated_at),
+
+          Sequel.cast(nil, integer_cast_type).as(:role_id),
+          Sequel.cast(nil, string_cast_type).as(:role_name),
+          Sequel.cast(nil, string_cast_type).as(:role_path),
+          Sequel.cast(nil, string_cast_type).as(:role_name_path),
+          Sequel.cast(nil, integer_cast_type).as(:role_parent_id),
+          Sequel.cast(nil, string_cast_type).as(:role_created_at),
+          Sequel.cast(nil, string_cast_type).as(:role_updated_at),
+
+          Sequel.cast(nil, integer_cast_type).as(:permission_id),
+          Sequel.cast(nil, string_cast_type).as(:permission_name),
+          Sequel.cast(nil, string_cast_type).as(:permission_created_at),
+          Sequel.cast(nil, string_cast_type).as(:permission_updated_at),
 
           Sequel[:super_auth_resources][:id].as(:resource_id),
           Sequel[:super_auth_resources][:name].as(:resource_name),
-          Sequel[:super_auth_resources][:external_id].as(:resource_external_id)
+          Sequel[:super_auth_resources][:external_id].as(:resource_external_id),
+          Sequel[:super_auth_resources][:external_type].as(:resource_external_type)
         ).
-      join(Sequel[:super_auth_edges].as(:permission_edges), Sequel[:permission_edges][:user_id] => Sequel[:super_auth_users][:id]).
-      join(Sequel[:super_auth_permissions], id: Sequel[:permission_edges][:permission_id]).
-      join(Sequel[:super_auth_edges].as(:resource_edges), Sequel[:resource_edges][:permission_id] => Sequel[:super_auth_permissions][:id]).
-      join(Sequel[:super_auth_resources], id: Sequel[:resource_edges][:resource_id]).
+      join(Sequel[:super_auth_resources], Sequel[:user_edges][:resource_id] => Sequel[:super_auth_resources][:id]).
       distinct
     end
   end
-end
+
+  def to_h
+    {
+      user: self&.user&.name,
+      group: self&.group&.name,
+      role: self&.role&.name,
+      resource: self&.resource&.name,
+      permission: self&.permission&.name,
+    }
+  end
+end

data/lib/super_auth/group.rb

@@ -1,3 +1,4 @@
 class SuperAuth::Group < Sequel::Model(:super_auth_groups)
+  unrestrict_primary_key # For ActiveRecord
   include SuperAuth::Nestable
 end

data/lib/super_auth/nestable.rb

@@ -25,6 +25,16 @@ module SuperAuth::Nestable
   end
 
   module ClassMethods
+    # Helper method to get the appropriate string cast type for the database
+    def string_cast_type
+      case SuperAuth.db.database_type
+      when :mysql, :mysql2
+        :char
+      else
+        :text
+      end
+    end
+
     def cte(id = nil, direction = :desc)
       model = self
       cte_name = model.cte_name
@@ -59,17 +69,14 @@ module SuperAuth::Nestable
     def with_descending_paths(base_ds, recursive_ds, cte_name)
       [
         base_ds.select_append(
-          Sequel.function(
-            :cast,
-            Sequel[table_name][:id].as(:text)
-          ).as(base_path)
+          Sequel[table_name][:id].cast(string_cast_type).as(base_path)
         ).select_append(Sequel[table_name][:name].as(base_name_path)),
 
         recursive_ds.select_append(
           Sequel.function(:concat,
-            Sequel.function(:cast, Sequel[cte_name][base_path].as(:text)),
+            Sequel[cte_name][base_path].cast(string_cast_type),
             Sequel.lit("','"),
-            Sequel.function(:cast, Sequel[pluralize][:id].as(:text)),
+            Sequel[pluralize][:id].cast(string_cast_type),
           ).as(base_path)
         ).select_append(
            Sequel.function(:concat,
@@ -83,12 +90,12 @@ module SuperAuth::Nestable
 
     def with_ascending_paths(base_ds, recursive_ds, cte_name)
       [
-        base_ds.select_append(Sequel.function(:cast, Sequel[table_name][:id].as(:text)).as(base_path)).select_append(Sequel[table_name][:name].as(:base_name_path)),
+        base_ds.select_append(Sequel[table_name][:id].cast(string_cast_type).as(base_path)).select_append(Sequel[table_name][:name].as(base_name_path)),
         recursive_ds.select_append(
           Sequel.function(:concat,
-            Sequel.function(:cast, Sequel[table_name][:id].as(:text)),
+            Sequel[table_name][:id].cast(string_cast_type),
             Sequel.lit("','"),
-            Sequel.function(:cast, Sequel[cte_name][base_path].as(:text)),
+            Sequel[cte_name][base_path].cast(string_cast_type),
           ).as(base_path)
         ).select_append(
            Sequel.function(:concat,
@@ -129,4 +136,4 @@ module SuperAuth::Nestable
       "#{singularize(base)}_name_path".to_sym
     end
   end
-end
+end