npm - @objectstack/driver-sql - Versions diffs - 10.2.0 → 10.3.0 - Mend

@objectstack/driver-sql 10.2.0 → 10.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -476,6 +476,30 @@ declare class SqlDriver implements IDataDriver {
     analyzeQuery(object: string, query: any, options?: DriverOptions): Promise<any>;
     syncSchema(object: string, schema: unknown, _options?: DriverOptions): Promise<void>;
     dropTable(object: string, _options?: DriverOptions): Promise<void>;
+    /**
+     * Resolve the per-table tenant-isolation column for a schema, honoring an
+     * explicit tenancy opt-out. Single source of truth for both {@link initObjects}
+     * and {@link registerExternalObject} (they previously inlined this logic and
+     * drifted).
+     *
+     * Precedence:
+     *  1. `tenancy.enabled === false` → `null` (NO driver-level org scope), even
+     *     when the object carries an `organization_id` column. Platform-global
+     *     objects (e.g. `sys_license`) keep an optional, often-NULL org FK but must
+     *     NOT be tenant-scoped: otherwise an authenticated caller's active-org
+     *     `DriverOptions.tenantId` injects `WHERE organization_id = <org>` and every
+     *     NULL-org / cross-org row silently disappears (the platform admin then
+     *     reads zero licenses while an unscoped/anonymous read still sees them).
+     *     The declarative branch below already respected `enabled !== false`; the
+     *     implicit `organization_id` fallback did not — this closes that gap.
+     *  2. Declared `tenancy.tenantField` (when that field exists on the object).
+     *  3. Implicit `organization_id` column detection (legacy objects whose
+     *     multi-tenant column was injected by the kernel without a spec migration).
+     */
+    protected computeTenantField(schema: {
+        fields?: Record<string, any>;
+        tenancy?: any;
+    }): string | null;
     /**
      * Batch-initialise tables from an array of object definitions.
      */

package/dist/index.d.ts CHANGED Viewed

@@ -476,6 +476,30 @@ declare class SqlDriver implements IDataDriver {
     analyzeQuery(object: string, query: any, options?: DriverOptions): Promise<any>;
     syncSchema(object: string, schema: unknown, _options?: DriverOptions): Promise<void>;
     dropTable(object: string, _options?: DriverOptions): Promise<void>;
+    /**
+     * Resolve the per-table tenant-isolation column for a schema, honoring an
+     * explicit tenancy opt-out. Single source of truth for both {@link initObjects}
+     * and {@link registerExternalObject} (they previously inlined this logic and
+     * drifted).
+     *
+     * Precedence:
+     *  1. `tenancy.enabled === false` → `null` (NO driver-level org scope), even
+     *     when the object carries an `organization_id` column. Platform-global
+     *     objects (e.g. `sys_license`) keep an optional, often-NULL org FK but must
+     *     NOT be tenant-scoped: otherwise an authenticated caller's active-org
+     *     `DriverOptions.tenantId` injects `WHERE organization_id = <org>` and every
+     *     NULL-org / cross-org row silently disappears (the platform admin then
+     *     reads zero licenses while an unscoped/anonymous read still sees them).
+     *     The declarative branch below already respected `enabled !== false`; the
+     *     implicit `organization_id` fallback did not — this closes that gap.
+     *  2. Declared `tenancy.tenantField` (when that field exists on the object).
+     *  3. Implicit `organization_id` column detection (legacy objects whose
+     *     multi-tenant column was injected by the kernel without a spec migration).
+     */
+    protected computeTenantField(schema: {
+        fields?: Record<string, any>;
+        tenancy?: any;
+    }): string | null;
     /**
      * Batch-initialise tables from an array of object definitions.
      */

package/dist/index.js CHANGED Viewed

@@ -1088,6 +1088,37 @@ var SqlDriver = class {
     this.assertSchemaMutable("dropTable");
     await this.knex.schema.dropTableIfExists(object);
   }
+  /**
+   * Resolve the per-table tenant-isolation column for a schema, honoring an
+   * explicit tenancy opt-out. Single source of truth for both {@link initObjects}
+   * and {@link registerExternalObject} (they previously inlined this logic and
+   * drifted).
+   *
+   * Precedence:
+   *  1. `tenancy.enabled === false` → `null` (NO driver-level org scope), even
+   *     when the object carries an `organization_id` column. Platform-global
+   *     objects (e.g. `sys_license`) keep an optional, often-NULL org FK but must
+   *     NOT be tenant-scoped: otherwise an authenticated caller's active-org
+   *     `DriverOptions.tenantId` injects `WHERE organization_id = <org>` and every
+   *     NULL-org / cross-org row silently disappears (the platform admin then
+   *     reads zero licenses while an unscoped/anonymous read still sees them).
+   *     The declarative branch below already respected `enabled !== false`; the
+   *     implicit `organization_id` fallback did not — this closes that gap.
+   *  2. Declared `tenancy.tenantField` (when that field exists on the object).
+   *  3. Implicit `organization_id` column detection (legacy objects whose
+   *     multi-tenant column was injected by the kernel without a spec migration).
+   */
+  computeTenantField(schema) {
+    const tenancyDecl = schema?.tenancy;
+    if (tenancyDecl?.enabled === false) return null;
+    const fields = schema?.fields;
+    if (tenancyDecl?.tenantField) {
+      const declared = String(tenancyDecl.tenantField);
+      if (fields && Object.prototype.hasOwnProperty.call(fields, declared)) return declared;
+    }
+    if (fields && Object.prototype.hasOwnProperty.call(fields, "organization_id")) return "organization_id";
+    return null;
+  }
   /**
    * Batch-initialise tables from an array of object definitions.
    */
@@ -1139,18 +1170,7 @@ var SqlDriver = class {
     const dateCols = [];
     const datetimeCols = [];
     const autoNumberCols = [];
-    const tenancyDecl = schema?.tenancy;
-    let tenantField = null;
-    if (tenancyDecl && tenancyDecl.enabled !== false && tenancyDecl.tenantField) {
-      const declared = String(tenancyDecl.tenantField);
-      if (schema.fields && Object.prototype.hasOwnProperty.call(schema.fields, declared)) {
-        tenantField = declared;
-      }
-    }
-    if (!tenantField) {
-      const hasOrgField = !!(schema.fields && Object.prototype.hasOwnProperty.call(schema.fields, "organization_id"));
-      tenantField = hasOrgField ? "organization_id" : null;
-    }
+    const tenantField = this.computeTenantField(schema);
     if (schema.fields) {
       for (const [name, field] of Object.entries(schema.fields)) {
         const type = field.type || "string";
@@ -1188,18 +1208,7 @@ var SqlDriver = class {
       const booleanCols = [];
       const numericCols = [];
       const autoNumberCols = [];
-      const tenancyDecl = obj?.tenancy;
-      let tenantField = null;
-      if (tenancyDecl && tenancyDecl.enabled !== false && tenancyDecl.tenantField) {
-        const declared = String(tenancyDecl.tenantField);
-        if (obj.fields && Object.prototype.hasOwnProperty.call(obj.fields, declared)) {
-          tenantField = declared;
-        }
-      }
-      if (!tenantField) {
-        const hasOrgField = !!(obj.fields && Object.prototype.hasOwnProperty.call(obj.fields, "organization_id"));
-        tenantField = hasOrgField ? "organization_id" : null;
-      }
+      const tenantField = this.computeTenantField(obj);
       if (obj.fields) {
         for (const [name, field] of Object.entries(obj.fields)) {
           const type = field.type || "string";