dzql 0.1.2 → 0.1.4

package/src/compiler/parser/entity-parser.js

@@ -0,0 +1,299 @@
+/**
+ * Entity Definition Parser
+ * Parses entity registration calls and extracts configuration
+ */
+
+export class EntityParser {
+  /**
+   * Parse a dzql.register_entity() call from SQL
+   * @param {string} sql - SQL containing register_entity call
+   * @returns {Object} Parsed entity configuration
+   */
+  parseFromSQL(sql) {
+    // Extract the register_entity call
+    const registerMatch = sql.match(/dzql\.register_entity\s*\(([\s\S]*?)\);/i);
+    if (!registerMatch) {
+      throw new Error('No register_entity call found in SQL');
+    }
+
+    const params = this._parseParameters(registerMatch[1]);
+
+    return this._buildEntityConfig(params);
+  }
+
+  /**
+   * Parse parameters from register_entity call
+   * @private
+   */
+  _parseParameters(paramsString) {
+    // Split by commas that are not inside quotes, parentheses, or brackets
+    const params = [];
+    let currentParam = '';
+    let depth = 0;
+    let inString = false;
+    let stringChar = null;
+
+    for (let i = 0; i < paramsString.length; i++) {
+      const char = paramsString[i];
+      const prevChar = i > 0 ? paramsString[i - 1] : '';
+
+      if ((char === "'" || char === '"') && prevChar !== '\\') {
+        if (!inString) {
+          inString = true;
+          stringChar = char;
+        } else if (char === stringChar) {
+          inString = false;
+          stringChar = null;
+        }
+      }
+
+      if (!inString) {
+        if (char === '(' || char === '{' || char === '[') depth++;
+        if (char === ')' || char === '}' || char === ']') depth--;
+
+        if (char === ',' && depth === 0) {
+          params.push(currentParam.trim());
+          currentParam = '';
+          continue;
+        }
+      }
+
+      currentParam += char;
+    }
+
+    if (currentParam.trim()) {
+      params.push(currentParam.trim());
+    }
+
+    return params;
+  }
+
+  /**
+   * Build entity configuration from parsed parameters
+   * @private
+   */
+  _buildEntityConfig(params) {
+    const config = {
+      tableName: this._cleanString(params[0]),
+      labelField: this._cleanString(params[1]),
+      searchableFields: this._parseArray(params[2]),
+      fkIncludes: params[3] ? this._parseJSON(params[3]) : {},
+      softDelete: params[4] ? this._parseBoolean(params[4]) : false,
+      temporalFields: params[5] ? this._parseJSON(params[5]) : {},
+      notificationPaths: params[6] ? this._parseJSON(params[6]) : {},
+      permissionPaths: params[7] ? this._parseJSON(params[7]) : {},
+      graphRules: params[8] ? this._parseJSON(params[8]) : {}
+    };
+
+    return config;
+  }
+
+  /**
+   * Clean a string parameter (remove quotes)
+   * @private
+   */
+  _cleanString(str) {
+    if (!str) return '';
+    // Remove outer quotes, SQL comments, then any remaining quotes and whitespace
+    let cleaned = str.replace(/^['"]|['"]$/g, '');  // Remove outer quotes
+    cleaned = cleaned.replace(/--[^\n]*/g, '');     // Remove SQL comments
+    cleaned = cleaned.replace(/['"\s]+$/g, '');     // Remove trailing quotes/whitespace
+    return cleaned.trim();
+  }
+
+  /**
+   * Parse an array parameter
+   * @private
+   */
+  _parseArray(str) {
+    if (!str || str === 'array[]::text[]') return [];
+
+    // Handle array['item1', 'item2'] format
+    // Use greedy match to get everything up to the last ] before optional ::type
+    const match = str.match(/array\[(.*)\](?:::.*)?$/i);
+    if (!match) return [];
+
+    // Split on commas that are not inside brackets or quotes
+    const items = [];
+    let current = '';
+    let depth = 0;
+    let inString = false;
+    let stringChar = null;
+
+    for (let i = 0; i < match[1].length; i++) {
+      const char = match[1][i];
+      const prev = i > 0 ? match[1][i - 1] : '';
+
+      if ((char === "'" || char === '"') && prev !== '\\') {
+        if (!inString) {
+          inString = true;
+          stringChar = char;
+        } else if (char === stringChar) {
+          inString = false;
+          stringChar = null;
+        }
+      }
+
+      if (!inString) {
+        if (char === '[') depth++;
+        if (char === ']') depth--;
+
+        if (char === ',' && depth === 0) {
+          items.push(current.trim().replace(/^['"]|['"]$/g, ''));
+          current = '';
+          continue;
+        }
+      }
+
+      current += char;
+    }
+
+    if (current.trim()) {
+      items.push(current.trim().replace(/^['"]|['"]$/g, ''));
+    }
+
+    return items.filter(item => item.length > 0);
+  }
+
+  /**
+   * Parse a JSONB parameter
+   * @private
+   */
+  _parseJSON(str) {
+    if (!str || str === '{}' || str === "'{}'") return {};
+
+    // Handle jsonb_build_object(...) calls
+    if (str.includes('jsonb_build_object')) {
+      return this._parseJSONBuildObject(str);
+    }
+
+    // Handle JSON string literals
+    if (str.startsWith("'") && str.endsWith("'")) {
+      try {
+        return JSON.parse(str.slice(1, -1).replace(/''/g, "'"));
+      } catch (e) {
+        console.warn('Failed to parse JSON:', str, e);
+        return {};
+      }
+    }
+
+    return {};
+  }
+
+  /**
+   * Parse jsonb_build_object(...) calls recursively
+   * @private
+   */
+  _parseJSONBuildObject(str) {
+    // Extract the content between jsonb_build_object( and )
+    const match = str.match(/jsonb_build_object\s*\(([\s\S]*)\)/i);
+    if (!match) return {};
+
+    const content = match[1];
+    const params = this._parseParameters(content);
+    const result = {};
+
+    // Process key-value pairs
+    for (let i = 0; i < params.length; i += 2) {
+      if (i + 1 >= params.length) break;
+
+      const key = this._cleanString(params[i]);
+      const value = params[i + 1];
+
+      // Handle nested jsonb_build_object
+      if (value.includes('jsonb_build_object')) {
+        result[key] = this._parseJSONBuildObject(value);
+      }
+      // Handle jsonb_build_array
+      else if (value.includes('jsonb_build_array')) {
+        result[key] = this._parseJSONBuildArray(value);
+      }
+      // Handle array literal
+      else if (value.startsWith('array[')) {
+        result[key] = this._parseArray(value);
+      }
+      // Handle simple values
+      else {
+        const cleanValue = this._cleanString(value);
+        result[key] = cleanValue;
+      }
+    }
+
+    return result;
+  }
+
+  /**
+   * Parse jsonb_build_array(...) calls
+   * @private
+   */
+  _parseJSONBuildArray(str) {
+    const match = str.match(/jsonb_build_array\s*\(([\s\S]*)\)/i);
+    if (!match) return [];
+
+    const content = match[1];
+    const params = this._parseParameters(content);
+
+    return params.map(param => {
+      if (param.includes('jsonb_build_object')) {
+        return this._parseJSONBuildObject(param);
+      }
+      return this._cleanString(param);
+    });
+  }
+
+  /**
+   * Parse boolean value
+   * @private
+   */
+  _parseBoolean(str) {
+    const cleaned = str.trim().toLowerCase();
+    return cleaned === 'true' || cleaned === 't';
+  }
+
+  /**
+   * Parse entity definition from JS object (for programmatic use)
+   * @param {Object} entity - Entity definition object
+   * @returns {Object} Normalized entity configuration
+   */
+  parseFromObject(entity) {
+    return {
+      tableName: entity.tableName || entity.table,
+      labelField: entity.labelField || 'name',
+      searchableFields: entity.searchableFields || [],
+      fkIncludes: entity.fkIncludes || {},
+      softDelete: entity.softDelete || false,
+      temporalFields: entity.temporalFields || {},
+      notificationPaths: entity.notificationPaths || {},
+      permissionPaths: entity.permissionPaths || {},
+      graphRules: entity.graphRules || {}
+    };
+  }
+}
+
+/**
+ * Parse all entities from a SQL file
+ * @param {string} sql - SQL file content
+ * @returns {Array} Array of parsed entity configurations
+ */
+export function parseEntitiesFromSQL(sql) {
+  const parser = new EntityParser();
+  const entities = [];
+
+  // Find all register_entity calls
+  const registerCalls = sql.match(/dzql\.register_entity\s*\([\s\S]*?\);/gi);
+
+  if (!registerCalls) {
+    return entities;
+  }
+
+  for (const call of registerCalls) {
+    try {
+      const entity = parser.parseFromSQL(call);
+      entities.push(entity);
+    } catch (error) {
+      console.warn('Failed to parse entity:', error.message);
+    }
+  }
+
+  return entities;
+}

package/src/compiler/parser/path-parser.js

@@ -0,0 +1,290 @@
+/**
+ * Permission/Notification Path Parser
+ * Parses DZQL path DSL into AST for code generation
+ *
+ * Path Grammar:
+ * - Direct field: @field_name
+ * - FK traversal: @field->table.target_field
+ * - Conditional: @field->table[condition]{temporal}.target_field
+ * - Complex: field1.field2->table[filter].target
+ */
+
+export class PathParser {
+  /**
+   * Parse a permission/notification path into an AST
+   * @param {string} path - Path string to parse
+   * @returns {Object} AST representation
+   */
+  parse(path) {
+    if (!path || path.trim() === '') {
+      return { type: 'empty' };
+    }
+
+    // Direct field reference: @owner_id
+    if (path.match(/^@\w+$/)) {
+      return {
+        type: 'direct_field',
+        field: path.substring(1)
+      };
+    }
+
+    // Complex path with traversal
+    if (path.includes('->')) {
+      return this._parseTraversalPath(path);
+    }
+
+    // Field path with dot notation: field1.field2
+    if (path.includes('.') && !path.includes('->')) {
+      return this._parseDotPath(path);
+    }
+
+    // Unknown format
+    return {
+      type: 'unknown',
+      path
+    };
+  }
+
+  /**
+   * Parse a traversal path (contains ->)
+   * @private
+   */
+  _parseTraversalPath(path) {
+    const steps = [];
+    const parts = path.split('->');
+
+    for (let i = 0; i < parts.length; i++) {
+      const part = parts[i].trim();
+
+      if (i === 0) {
+        // First part: source field(s)
+        steps.push(this._parseSourceField(part));
+      } else if (i === parts.length - 1) {
+        // Last part: target field
+        steps.push(this._parseTargetField(part));
+      } else {
+        // Middle part: table with optional condition
+        steps.push(this._parseTableReference(part));
+      }
+    }
+
+    return {
+      type: 'traversal',
+      steps
+    };
+  }
+
+  /**
+   * Parse source field (can be @field or field.subfield)
+   * @private
+   */
+  _parseSourceField(part) {
+    if (part.startsWith('@')) {
+      return {
+        type: 'field_ref',
+        field: part.substring(1)
+      };
+    }
+
+    if (part.includes('.')) {
+      const fields = part.split('.');
+      return {
+        type: 'dot_path',
+        fields
+      };
+    }
+
+    return {
+      type: 'field_ref',
+      field: part
+    };
+  }
+
+  /**
+   * Parse table reference with optional filter and temporal marker
+   * Example: acts_for[org_id=$,role='admin']{active}
+   * @private
+   */
+  _parseTableReference(part) {
+    const result = {
+      type: 'table_ref',
+      table: null,
+      filter: null,
+      temporal: false,
+      targetField: null
+    };
+
+    // Extract temporal marker {active}
+    if (part.includes('{active}')) {
+      result.temporal = true;
+      part = part.replace('{active}', '');
+    }
+
+    // Extract filter [condition]
+    const filterMatch = part.match(/([a-z_]+)\[(.*?)\](\.(.+))?/i);
+    if (filterMatch) {
+      result.table = filterMatch[1];
+      result.filter = this._parseFilter(filterMatch[2]);
+      result.targetField = filterMatch[4] || null;
+      return result;
+    }
+
+    // Simple table.field reference
+    const dotMatch = part.match(/([a-z_]+)\.(.+)/i);
+    if (dotMatch) {
+      result.table = dotMatch[1];
+      result.targetField = dotMatch[2];
+      return result;
+    }
+
+    // Just table name
+    result.table = part;
+    return result;
+  }
+
+  /**
+   * Parse filter conditions
+   * Example: org_id=$,role='admin'
+   * @private
+   */
+  _parseFilter(filterStr) {
+    const conditions = [];
+    const parts = filterStr.split(',');
+
+    for (const part of parts) {
+      const trimmed = part.trim();
+
+      // Handle various comparison operators
+      if (trimmed.includes('=')) {
+        const [field, value] = trimmed.split('=').map(s => s.trim());
+        conditions.push({
+          field,
+          operator: '=',
+          value: value === '$' ? { type: 'param' } : this._parseValue(value)
+        });
+      }
+    }
+
+    return conditions;
+  }
+
+  /**
+   * Parse a value (string literal, number, param reference)
+   * @private
+   */
+  _parseValue(value) {
+    // String literal
+    if (value.startsWith("'") && value.endsWith("'")) {
+      return {
+        type: 'literal',
+        value: value.slice(1, -1)
+      };
+    }
+
+    // Number
+    if (/^\d+$/.test(value)) {
+      return {
+        type: 'number',
+        value: parseInt(value)
+      };
+    }
+
+    // Field reference
+    if (value.startsWith('@')) {
+      return {
+        type: 'field',
+        value: value.substring(1)
+      };
+    }
+
+    return {
+      type: 'literal',
+      value
+    };
+  }
+
+  /**
+   * Parse target field (last part of path)
+   * Example: user_id or users.user_id
+   * @private
+   */
+  _parseTargetField(part) {
+    // Check for temporal marker before removing it
+    const hasTemporal = part.includes('{active}');
+
+    // Remove temporal marker if present
+    part = part.replace('{active}', '');
+
+    // Check for table[filter].field pattern
+    const filterMatch = part.match(/([a-z_]+)\[(.*?)\]\.(.+)/i);
+    if (filterMatch) {
+      return {
+        type: 'table_ref',
+        table: filterMatch[1],
+        filter: this._parseFilter(filterMatch[2]),
+        temporal: hasTemporal,
+        targetField: filterMatch[3]
+      };
+    }
+
+    // Simple field reference
+    if (!part.includes('.')) {
+      return {
+        type: 'field_ref',
+        field: part
+      };
+    }
+
+    // Dot notation
+    const fields = part.split('.');
+    return {
+      type: 'dot_path',
+      fields
+    };
+  }
+
+  /**
+   * Parse dot path (field.subfield.subsubfield)
+   * @private
+   */
+  _parseDotPath(path) {
+    const fields = path.split('.').map(f => f.trim());
+    return {
+      type: 'dot_path',
+      fields
+    };
+  }
+
+  /**
+   * Parse multiple paths (used in permission arrays)
+   * @param {Array<string>} paths - Array of path strings
+   * @returns {Array<Object>} Array of ASTs
+   */
+  parseMultiple(paths) {
+    if (!Array.isArray(paths)) {
+      return [];
+    }
+
+    return paths.map(path => this.parse(path));
+  }
+}
+
+/**
+ * Utility function to parse a single path
+ * @param {string} path - Path to parse
+ * @returns {Object} AST
+ */
+export function parsePath(path) {
+  const parser = new PathParser();
+  return parser.parse(path);
+}
+
+/**
+ * Utility function to parse multiple paths
+ * @param {Array<string>} paths - Paths to parse
+ * @returns {Array<Object>} ASTs
+ */
+export function parsePaths(paths) {
+  const parser = new PathParser();
+  return parser.parseMultiple(paths);
+}

package/src/database/migrations/002_functions.sql

@@ -476,9 +476,26 @@ BEGIN
             l_temp_value int;
             l_segment_table text;
             l_segment_record jsonb;
+            l_replacement_value text;
           BEGIN
             FOR l_j IN 0..jsonb_array_length(l_current_result) - 1 LOOP
-              l_temp_segment := replace(l_continuation_parts[l_i], '$', (l_current_result->>l_j)::text);
+              l_replacement_value := (l_current_result->>l_j)::text;
+
+              -- Check if $ appears in a condition context table[field=$]
+              -- If so, we need to quote it properly for text values
+              IF l_continuation_parts[l_i] ~ '\[.*\$.*\]' THEN
+                -- Try to parse as integer first
+                BEGIN
+                  -- If it's an integer, use it directly
+                  l_temp_segment := replace(l_continuation_parts[l_i], '$', l_replacement_value::int::text);
+                EXCEPTION WHEN OTHERS THEN
+                  -- Not an integer, quote it as a literal
+                  l_temp_segment := replace(l_continuation_parts[l_i], '$', quote_literal(l_replacement_value));
+                END;
+              ELSE
+                -- Not in a condition, use raw value
+                l_temp_segment := replace(l_continuation_parts[l_i], '$', l_replacement_value);
+              END IF;
 
               -- Handle table.field syntax in continuation segments
               IF l_temp_segment ~ '^[a-z_]+\.[a-z_]+' THEN
@@ -498,7 +515,27 @@ BEGIN
           l_current_result := to_jsonb(l_current_ids);
         ELSE
           -- Single value result
-          l_current_segment := replace(l_current_segment, '$', l_current_result::text);
+          DECLARE
+            l_replacement_value text;
+          BEGIN
+            l_replacement_value := l_current_result::text;
+
+            -- Check if $ appears in a condition context table[field=$]
+            -- If so, we need to quote it properly for text values
+            IF l_current_segment ~ '\[.*\$.*\]' THEN
+              -- Try to parse as integer first
+              BEGIN
+                -- If it's an integer, use it directly
+                l_current_segment := replace(l_current_segment, '$', l_replacement_value::int::text);
+              EXCEPTION WHEN OTHERS THEN
+                -- Not an integer, quote it as a literal
+                l_current_segment := replace(l_current_segment, '$', quote_literal(l_replacement_value));
+              END;
+            ELSE
+              -- Not in a condition, use raw value
+              l_current_segment := replace(l_current_segment, '$', l_replacement_value);
+            END IF;
+          END;
 
           -- Handle table.field syntax in continuation segments
           IF l_current_segment ~ '^[a-z_]+\.[a-z_]+' THEN

package/src/database/migrations/003_operations.sql

@@ -345,18 +345,20 @@ BEGIN
                       p_entity);
     EXECUTE l_sql_stmt INTO l_result;
 
-    -- Execute graph rules for update
-    l_graph_rules_result := dzql.execute_graph_rules(
-      p_entity,
-      'update',
-      l_existing_record,
-      l_result,
-      p_user_id
-    );
 
   ELSE
     -- INSERT: Use provided values, let database handle defaults
 
+    -- Auto-inject user_id if table has a user_id column and it's not provided
+    IF EXISTS (
+      SELECT 1 FROM information_schema.columns
+      WHERE table_schema = 'public'
+      AND table_name = p_entity
+      AND column_name = 'user_id'
+    ) AND (l_args_json->>'user_id' IS NULL) THEN
+      l_args_json := l_args_json || jsonb_build_object('user_id', p_user_id);
+    END IF;
+
     -- Check create permission on new values
     l_operation := 'create';
     l_permission_record := l_args_json;
@@ -387,14 +389,6 @@ BEGIN
                       p_entity);
     EXECUTE l_sql_stmt INTO l_result;
 
-    -- Execute graph rules for insert
-    l_graph_rules_result := dzql.execute_graph_rules(
-      p_entity,
-      'insert',
-      NULL,
-      l_result,
-      p_user_id
-    );
   END IF;
 
   -- Execute graph rules for the appropriate operation

package/src/database/migrations/004_search.sql

@@ -342,6 +342,13 @@ BEGIN
     END IF;
   END IF;
 
+  -- Add permission check to WHERE clause
+  IF l_where_clause = '' OR l_where_clause = 'WHERE' THEN
+    l_where_clause := format('WHERE dzql.check_permission(%L, ''view'', %L, to_jsonb(t.*))', p_user_id, p_entity);
+  ELSE
+    l_where_clause := l_where_clause || format(' AND dzql.check_permission(%L, ''view'', %L, to_jsonb(t.*))', p_user_id, p_entity);
+  END IF;
+
   -- Build base SQL
   l_base_sql := format('FROM %I t %s', p_entity, l_where_clause);