npm - dzql - Versions diffs - 0.6.32 → 0.6.33 - Mend

dzql 0.6.32 → 0.6.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +1 -1
package/src/cli/codegen/sql/search.ts +53 -13
package/src/cli/codegen/subscribable_sql.ts +61 -49

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "dzql",
-  "version": "0.6.32",
+  "version": "0.6.33",
   "description": "Database-first real-time framework with TypeScript support",
   "repository": {
     "type": "git",

package/src/cli/codegen/sql/search.ts CHANGED Viewed

@@ -88,34 +88,74 @@ BEGIN
   v_sort_order := COALESCE(p_query->>'sort_order', 'asc');
   -- Build WHERE clause from filters
+  -- Note: We avoid ::TEXT casts to preserve index usage on numeric/date columns
+  -- The %L format specifier handles proper escaping for all types
   FOR v_field, v_filter IN SELECT * FROM jsonb_each(v_filters)
   LOOP
     -- Handle simple value (exact match)
-    IF jsonb_typeof(v_filter) IN ('string', 'number', 'boolean') THEN
-      v_where_clause := v_where_clause || format(' AND %I::TEXT = %L', v_field, v_filter #>> '{}');
-    ELSE
+    IF jsonb_typeof(v_filter) = 'number' THEN
+      -- Numeric: compare without casting
+      v_where_clause := v_where_clause || format(' AND %I = %s', v_field, v_filter);
+    ELSIF jsonb_typeof(v_filter) = 'boolean' THEN
+      -- Boolean: compare directly
+      v_where_clause := v_where_clause || format(' AND %I = %s', v_field, v_filter);
+    ELSIF jsonb_typeof(v_filter) = 'string' THEN
+      -- String: use proper quoting
+      v_where_clause := v_where_clause || format(' AND %I = %L', v_field, v_filter #>> '{}');
+    ELSIF jsonb_typeof(v_filter) = 'object' THEN
       -- Handle operator-based filters
       FOR v_operator, v_value IN SELECT * FROM jsonb_each(v_filter)
       LOOP
         CASE v_operator
           WHEN 'eq' THEN
-            v_where_clause := v_where_clause || format(' AND %I::TEXT = %L', v_field, v_value #>> '{}');
+            IF jsonb_typeof(v_value) = 'number' THEN
+              v_where_clause := v_where_clause || format(' AND %I = %s', v_field, v_value);
+            ELSE
+              v_where_clause := v_where_clause || format(' AND %I = %L', v_field, v_value #>> '{}');
+            END IF;
           WHEN 'ne' THEN
-            v_where_clause := v_where_clause || format(' AND %I::TEXT != %L', v_field, v_value #>> '{}');
+            IF jsonb_typeof(v_value) = 'number' THEN
+              v_where_clause := v_where_clause || format(' AND %I != %s', v_field, v_value);
+            ELSE
+              v_where_clause := v_where_clause || format(' AND %I != %L', v_field, v_value #>> '{}');
+            END IF;
           WHEN 'gt' THEN
-            v_where_clause := v_where_clause || format(' AND %I > %L', v_field, v_value #>> '{}');
+            IF jsonb_typeof(v_value) = 'number' THEN
+              v_where_clause := v_where_clause || format(' AND %I > %s', v_field, v_value);
+            ELSE
+              v_where_clause := v_where_clause || format(' AND %I > %L', v_field, v_value #>> '{}');
+            END IF;
           WHEN 'gte' THEN
-            v_where_clause := v_where_clause || format(' AND %I >= %L', v_field, v_value #>> '{}');
+            IF jsonb_typeof(v_value) = 'number' THEN
+              v_where_clause := v_where_clause || format(' AND %I >= %s', v_field, v_value);
+            ELSE
+              v_where_clause := v_where_clause || format(' AND %I >= %L', v_field, v_value #>> '{}');
+            END IF;
           WHEN 'lt' THEN
-            v_where_clause := v_where_clause || format(' AND %I < %L', v_field, v_value #>> '{}');
+            IF jsonb_typeof(v_value) = 'number' THEN
+              v_where_clause := v_where_clause || format(' AND %I < %s', v_field, v_value);
+            ELSE
+              v_where_clause := v_where_clause || format(' AND %I < %L', v_field, v_value #>> '{}');
+            END IF;
           WHEN 'lte' THEN
-            v_where_clause := v_where_clause || format(' AND %I <= %L', v_field, v_value #>> '{}');
+            IF jsonb_typeof(v_value) = 'number' THEN
+              v_where_clause := v_where_clause || format(' AND %I <= %s', v_field, v_value);
+            ELSE
+              v_where_clause := v_where_clause || format(' AND %I <= %L', v_field, v_value #>> '{}');
+            END IF;
           WHEN 'in' THEN
-            v_where_clause := v_where_clause || format(' AND %I::TEXT = ANY(%L)', v_field,
-              (SELECT array_agg(value #>> '{}') FROM jsonb_array_elements(v_value) AS value));
+            -- For IN, we need to handle arrays - cast elements appropriately
+            IF jsonb_typeof(v_value->0) = 'number' THEN
+              v_where_clause := v_where_clause || format(' AND %I = ANY(ARRAY(SELECT (jsonb_array_elements(%L))::int))', v_field, v_value);
+            ELSE
+              v_where_clause := v_where_clause || format(' AND %I = ANY(ARRAY(SELECT jsonb_array_elements_text(%L)))', v_field, v_value);
+            END IF;
           WHEN 'not_in' THEN
-            v_where_clause := v_where_clause || format(' AND %I::TEXT != ALL(%L)', v_field,
-              (SELECT array_agg(value #>> '{}') FROM jsonb_array_elements(v_value) AS value));
+            IF jsonb_typeof(v_value->0) = 'number' THEN
+              v_where_clause := v_where_clause || format(' AND %I != ALL(ARRAY(SELECT (jsonb_array_elements(%L))::int))', v_field, v_value);
+            ELSE
+              v_where_clause := v_where_clause || format(' AND %I != ALL(ARRAY(SELECT jsonb_array_elements_text(%L)))', v_field, v_value);
+            END IF;
           WHEN 'like' THEN
             v_where_clause := v_where_clause || format(' AND %I LIKE %L', v_field, v_value #>> '{}');
           WHEN 'ilike' THEN

package/src/cli/codegen/subscribable_sql.ts CHANGED Viewed

@@ -9,6 +9,7 @@
  */
 import type { SubscribableIR, IncludeIR, EntityIR } from "../../shared/ir.js";
+import { parsePath } from "../compiler/paths.js";
 export function generateSubscribableSQL(name: string, sub: SubscribableIR, entities: Record<string, EntityIR> = {}): string {
   // Validate: if root.key is set, it must exist in params or start with '@'
@@ -144,6 +145,7 @@ $$;`;
 /**
  * Compile permission for subscribable can_subscribe function.
  * Uses RECORD dot notation since v_root is a RECORD, not JSONB.
+ * Supports unlimited traversal depth using the shared path parser.
  *
  * @param entityName - The root entity name
  * @param rule - The permission rule (e.g., "@org_id->acts_for[org_id=$]{active}.user_id")
@@ -156,69 +158,79 @@ function compileSubscribePermission(entityName: string, rule: string, rootKey: s
     return field === rootKey ? 'id' : field;
   };
-  // Case 1: Simple Field Check (@org_id)
-  // Implies: EXISTS (SELECT 1 FROM acts_for WHERE acts_for.org_id = v_root.id AND acts_for.user_id = p_user_id)
-  if (rule.match(/^@[a-zA-Z0-9_]+$/)) {
-    const field = rule.substring(1);
-    const rootField = resolveField(field);
-    // For simple field checks, we check acts_for membership
-    // The acts_for join uses the original field name (org_id), but v_root uses resolved field (id)
-    return `EXISTS (SELECT 1 FROM acts_for WHERE acts_for.${field} = v_root.${rootField} AND acts_for.user_id = p_user_id AND acts_for.active)`;
+  // Parse the path using the shared parser
+  const parsed = parsePath(rule);
+  if (!parsed.isValid) {
+    console.warn(`[Compiler] Warning: Invalid permission path '${rule}': ${parsed.error}`);
+    return 'FALSE';
   }
-  // Case 2: Graph Traversal (@field->table[filter]{condition}.user_id)
-  if (rule.includes('->')) {
-    const parts = rule.split('->');
-    const startField = parts[0].substring(1); // Remove @
-    const rootField = resolveField(startField);
+  // TRUE/FALSE literals
+  if (parsed.hops.length === 0) {
+    return rule === 'TRUE' || rule === 'true' ? 'TRUE' : 'FALSE';
+  }
-    // Multi-level paths not fully supported
-    if (parts.length > 2) {
-      console.warn(`[Compiler] Warning: Multi-level permission path '${rule}' not fully supported.`);
-      return 'FALSE';
-    }
+  // Simple field reference: @org_id implies checking acts_for membership
+  if (parsed.hops.length === 1 && parsed.hops[0].type === 'field') {
+    const field = parsed.hops[0].field!;
+    const rootField = resolveField(field);
+    return `EXISTS (SELECT 1 FROM acts_for WHERE acts_for.${field} = v_root.${rootField} AND acts_for.user_id = p_user_id AND acts_for.active)`;
+  }
-    const targetPart = parts[1];
+  // Traversal path - build EXISTS with nested subqueries for unlimited hops
+  // Start with the field from v_root
+  const startField = parsed.startField!;
+  const rootField = resolveField(startField);
-    const tableMatch = targetPart.match(/^([a-zA-Z0-9_]+)/);
-    if (!tableMatch) return 'FALSE';
-    const targetTable = tableMatch[1];
+  // Build value expression starting from v_root
+  let valueExpr = `v_root.${rootField}`;
-    // Extract filter: [org_id=$]
-    const filterMatch = targetPart.match(/\[([a-zA-Z0-9_]+)=\$\]/);
-    const joinField = filterMatch ? filterMatch[1] : null;
+  // Process intermediate hops (all but first field and last final)
+  for (let i = 1; i < parsed.hops.length - 1; i++) {
+    const hop = parsed.hops[i];
+    if (hop.type === 'table' && hop.table && hop.outputField) {
+      valueExpr = `(SELECT ${hop.outputField} FROM ${hop.table} WHERE id = ${valueExpr})`;
+    }
+  }
-    // Extract condition: {active}
-    const condMatch = targetPart.match(/\{([^}]+)\}/);
-    const condition = condMatch ? condMatch[1] : null;
+  // Final hop - build EXISTS check
+  const finalHop = parsed.hops[parsed.hops.length - 1];
+  if (finalHop.type !== 'final' || !finalHop.table) {
+    return 'FALSE';
+  }
-    let sql = `EXISTS (SELECT 1 FROM ${targetTable} WHERE `;
+  const conditions: string[] = [];
-    // Join Clause - use RECORD dot notation
-    // The target table uses its own column name (e.g., acts_for.org_id)
-    // The root uses the resolved field (e.g., v_root.id when startField matches rootKey)
-    if (joinField) {
-      sql += `${targetTable}.${joinField} = v_root.${rootField}`;
-    } else {
-      // Implicit join: table.id = v_root.field
-      sql += `${targetTable}.id = v_root.${rootField}`;
-    }
+  // Join condition
+  if (finalHop.filter && finalHop.filter.value === '$') {
+    conditions.push(`${finalHop.table}.${finalHop.filter.field} = ${valueExpr}`);
+  } else {
+    conditions.push(`${finalHop.table}.id = ${valueExpr}`);
+  }
-    // User Check
-    if (rule.endsWith('.user_id')) {
-      sql += ` AND ${targetTable}.user_id = p_user_id`;
-    }
+  // User check
+  if (finalHop.outputField === 'user_id') {
+    conditions.push(`${finalHop.table}.user_id = p_user_id`);
+  } else if (finalHop.outputField) {
+    conditions.push(`${finalHop.table}.${finalHop.outputField} = p_user_id`);
+  }
-    // Condition
-    if (condition) {
-      sql += ` AND ${targetTable}.${condition}`;
+  // Additional conditions from {active} or {role=admin}
+  for (const cond of finalHop.conditions || []) {
+    if (cond.type === 'boolean') {
+      conditions.push(`${finalHop.table}.${cond.field} = true`);
+    } else if (cond.type === 'equality') {
+      if (cond.value === 'NULL') {
+        conditions.push(`${finalHop.table}.${cond.field} IS NULL`);
+      } else {
+        const value = cond.value!.match(/^\d+$/) ? cond.value : `'${cond.value}'`;
+        conditions.push(`${finalHop.table}.${cond.field} = ${value}`);
+      }
     }
-    sql += `)`;
-    return sql;
   }
-  return 'FALSE'; // Default deny
+  return `EXISTS (SELECT 1 FROM ${finalHop.table} WHERE ${conditions.join(' AND ')})`;
 }
 /** Column info from EntityIR */