odgn-rights 0.2.0 → 0.5.0

package/dist/adapters/schema.js

@@ -0,0 +1,186 @@
+/**
+ * Default table prefix for all adapter tables
+ */
+export const DEFAULT_TABLE_PREFIX = 'tbl_';
+/**
+ * Generate table names with the given prefix
+ */
+export const createTableNames = (prefix = DEFAULT_TABLE_PREFIX) => ({
+    rights: `${prefix}rights`,
+    roleInheritance: `${prefix}role_inheritance`,
+    roleRights: `${prefix}role_rights`,
+    roles: `${prefix}roles`,
+    subjectRights: `${prefix}subject_rights`,
+    subjectRoles: `${prefix}subject_roles`,
+    subjects: `${prefix}subjects`
+});
+/**
+ * Generate SQLite schema with the given table names
+ */
+export const generateSQLiteSchema = (tables) => `
+-- Rights table
+CREATE TABLE IF NOT EXISTS ${tables.rights} (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  path TEXT NOT NULL,
+  allow_mask INTEGER NOT NULL DEFAULT 0,
+  deny_mask INTEGER NOT NULL DEFAULT 0,
+  priority INTEGER NOT NULL DEFAULT 0,
+  description TEXT,
+  tags TEXT,
+  valid_from TEXT,
+  valid_until TEXT,
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+  UNIQUE(path, allow_mask, deny_mask, priority, valid_from, valid_until)
+);
+
+-- Roles table
+CREATE TABLE IF NOT EXISTS ${tables.roles} (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  name TEXT NOT NULL UNIQUE,
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+
+-- Role-Rights junction table
+CREATE TABLE IF NOT EXISTS ${tables.roleRights} (
+  role_id INTEGER NOT NULL,
+  right_id INTEGER NOT NULL,
+  PRIMARY KEY (role_id, right_id),
+  FOREIGN KEY (role_id) REFERENCES ${tables.roles}(id) ON DELETE CASCADE,
+  FOREIGN KEY (right_id) REFERENCES ${tables.rights}(id) ON DELETE CASCADE
+);
+
+-- Role inheritance table
+CREATE TABLE IF NOT EXISTS ${tables.roleInheritance} (
+  child_role_id INTEGER NOT NULL,
+  parent_role_id INTEGER NOT NULL,
+  PRIMARY KEY (child_role_id, parent_role_id),
+  FOREIGN KEY (child_role_id) REFERENCES ${tables.roles}(id) ON DELETE CASCADE,
+  FOREIGN KEY (parent_role_id) REFERENCES ${tables.roles}(id) ON DELETE CASCADE
+);
+
+-- Subjects table
+CREATE TABLE IF NOT EXISTS ${tables.subjects} (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  identifier TEXT NOT NULL UNIQUE,
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+
+-- Subject-Roles junction table
+CREATE TABLE IF NOT EXISTS ${tables.subjectRoles} (
+  subject_id INTEGER NOT NULL,
+  role_id INTEGER NOT NULL,
+  PRIMARY KEY (subject_id, role_id),
+  FOREIGN KEY (subject_id) REFERENCES ${tables.subjects}(id) ON DELETE CASCADE,
+  FOREIGN KEY (role_id) REFERENCES ${tables.roles}(id) ON DELETE CASCADE
+);
+
+-- Subject-Rights junction table (direct rights)
+CREATE TABLE IF NOT EXISTS ${tables.subjectRights} (
+  subject_id INTEGER NOT NULL,
+  right_id INTEGER NOT NULL,
+  PRIMARY KEY (subject_id, right_id),
+  FOREIGN KEY (subject_id) REFERENCES ${tables.subjects}(id) ON DELETE CASCADE,
+  FOREIGN KEY (right_id) REFERENCES ${tables.rights}(id) ON DELETE CASCADE
+);
+
+-- Indexes for common queries
+CREATE INDEX IF NOT EXISTS idx_${tables.rights}_path ON ${tables.rights}(path);
+CREATE INDEX IF NOT EXISTS idx_${tables.rights}_valid_dates ON ${tables.rights}(valid_from, valid_until);
+CREATE INDEX IF NOT EXISTS idx_${tables.roles}_name ON ${tables.roles}(name);
+`;
+/**
+ * Generate PostgreSQL schema with the given table names
+ */
+export const generatePostgresSchema = (tables) => `
+-- Rights table
+CREATE TABLE IF NOT EXISTS ${tables.rights} (
+  id SERIAL PRIMARY KEY,
+  path TEXT NOT NULL,
+  allow_mask INTEGER NOT NULL DEFAULT 0,
+  deny_mask INTEGER NOT NULL DEFAULT 0,
+  priority INTEGER NOT NULL DEFAULT 0,
+  description TEXT,
+  tags TEXT,
+  valid_from TIMESTAMPTZ,
+  valid_until TIMESTAMPTZ,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  UNIQUE(path, allow_mask, deny_mask, priority, valid_from, valid_until)
+);
+
+-- Roles table
+CREATE TABLE IF NOT EXISTS ${tables.roles} (
+  id SERIAL PRIMARY KEY,
+  name TEXT NOT NULL UNIQUE,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+-- Role-Rights junction table
+CREATE TABLE IF NOT EXISTS ${tables.roleRights} (
+  role_id INTEGER NOT NULL REFERENCES ${tables.roles}(id) ON DELETE CASCADE,
+  right_id INTEGER NOT NULL REFERENCES ${tables.rights}(id) ON DELETE CASCADE,
+  PRIMARY KEY (role_id, right_id)
+);
+
+-- Role inheritance table
+CREATE TABLE IF NOT EXISTS ${tables.roleInheritance} (
+  child_role_id INTEGER NOT NULL REFERENCES ${tables.roles}(id) ON DELETE CASCADE,
+  parent_role_id INTEGER NOT NULL REFERENCES ${tables.roles}(id) ON DELETE CASCADE,
+  PRIMARY KEY (child_role_id, parent_role_id)
+);
+
+-- Subjects table
+CREATE TABLE IF NOT EXISTS ${tables.subjects} (
+  id SERIAL PRIMARY KEY,
+  identifier TEXT NOT NULL UNIQUE,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+-- Subject-Roles junction table
+CREATE TABLE IF NOT EXISTS ${tables.subjectRoles} (
+  subject_id INTEGER NOT NULL REFERENCES ${tables.subjects}(id) ON DELETE CASCADE,
+  role_id INTEGER NOT NULL REFERENCES ${tables.roles}(id) ON DELETE CASCADE,
+  PRIMARY KEY (subject_id, role_id)
+);
+
+-- Subject-Rights junction table (direct rights)
+CREATE TABLE IF NOT EXISTS ${tables.subjectRights} (
+  subject_id INTEGER NOT NULL REFERENCES ${tables.subjects}(id) ON DELETE CASCADE,
+  right_id INTEGER NOT NULL REFERENCES ${tables.rights}(id) ON DELETE CASCADE,
+  PRIMARY KEY (subject_id, right_id)
+);
+
+-- Indexes for common queries
+CREATE INDEX IF NOT EXISTS idx_${tables.rights}_path ON ${tables.rights}(path);
+CREATE INDEX IF NOT EXISTS idx_${tables.rights}_valid_dates ON ${tables.rights}(valid_from, valid_until);
+CREATE INDEX IF NOT EXISTS idx_${tables.roles}_name ON ${tables.roles}(name);
+`;
+/**
+ * Generate SQLite statements to drop all tables (useful for testing)
+ */
+export const generateSQLiteDropSchema = (tables) => `
+DROP TABLE IF EXISTS ${tables.subjectRights};
+DROP TABLE IF EXISTS ${tables.subjectRoles};
+DROP TABLE IF EXISTS ${tables.subjects};
+DROP TABLE IF EXISTS ${tables.roleInheritance};
+DROP TABLE IF EXISTS ${tables.roleRights};
+DROP TABLE IF EXISTS ${tables.roles};
+DROP TABLE IF EXISTS ${tables.rights};
+`;
+/**
+ * Generate PostgreSQL statements to drop all tables (useful for testing)
+ */
+export const generatePostgresDropSchema = (tables) => `
+DROP TABLE IF EXISTS ${tables.subjectRights} CASCADE;
+DROP TABLE IF EXISTS ${tables.subjectRoles} CASCADE;
+DROP TABLE IF EXISTS ${tables.subjects} CASCADE;
+DROP TABLE IF EXISTS ${tables.roleInheritance} CASCADE;
+DROP TABLE IF EXISTS ${tables.roleRights} CASCADE;
+DROP TABLE IF EXISTS ${tables.roles} CASCADE;
+DROP TABLE IF EXISTS ${tables.rights} CASCADE;
+`;

package/dist/adapters/sqlite-adapter.d.ts

@@ -0,0 +1,78 @@
+import { Flags } from '../constants';
+import { Right } from '../right';
+import { Rights } from '../rights';
+import { Role } from '../role';
+import { RoleRegistry } from '../role-registry';
+import { Subject } from '../subject';
+import { BaseAdapter } from './base-adapter';
+import type { BaseAdapterOptions, DatabaseAdapter } from './types';
+export type SQLiteAdapterOptions = BaseAdapterOptions & {
+    create?: boolean;
+    enableWAL?: boolean;
+    filename?: string;
+    readonly?: boolean;
+    strict?: boolean;
+};
+export declare class SQLiteAdapter extends BaseAdapter {
+    private db;
+    private readonly options;
+    private roleIdCache;
+    private transactionDepth;
+    private stmtInsertRight;
+    private stmtSelectRightById;
+    private stmtSelectAllRights;
+    private stmtDeleteRight;
+    private stmtInsertRole;
+    private stmtSelectRoleByName;
+    private stmtSelectAllRoles;
+    private stmtSelectRoleById;
+    private stmtDeleteRole;
+    private stmtInsertRoleRight;
+    private stmtDeleteRoleRights;
+    private stmtSelectRoleRights;
+    private stmtInsertRoleInheritance;
+    private stmtDeleteRoleInheritance;
+    private stmtDeleteChildInheritance;
+    private stmtSelectRoleInheritance;
+    private stmtInsertSubject;
+    private stmtSelectSubjectByIdentifier;
+    private stmtUpdateSubject;
+    private stmtDeleteSubject;
+    private stmtInsertSubjectRole;
+    private stmtDeleteSubjectRoles;
+    private stmtSelectSubjectRoles;
+    private stmtInsertSubjectRight;
+    private stmtDeleteSubjectRights;
+    private stmtSelectSubjectRights;
+    constructor(options?: SQLiteAdapterOptions);
+    connect(): Promise<void>;
+    prepareStatementsAfterMigration(): void;
+    disconnect(): Promise<void>;
+    migrate(): Promise<void>;
+    enableWAL(): Promise<void>;
+    saveRight(right: Right): Promise<number>;
+    saveRights(rights: Rights): Promise<number[]>;
+    loadRight(id: number): Promise<Right | null>;
+    loadRights(): Promise<Rights>;
+    loadRightsByPath(pathPattern: string): Promise<Rights>;
+    deleteRight(id: number): Promise<boolean>;
+    saveRole(role: Role): Promise<number>;
+    loadRole(name: string): Promise<Role | null>;
+    loadRoles(): Promise<Role[]>;
+    deleteRole(name: string): Promise<boolean>;
+    saveRegistry(registry: RoleRegistry): Promise<void>;
+    loadRegistry(): Promise<RoleRegistry>;
+    saveSubject(identifier: string, subject: Subject): Promise<number>;
+    loadSubject(identifier: string): Promise<Subject | null>;
+    deleteSubject(identifier: string): Promise<boolean>;
+    protected getAllSubjectIdentifiers(): Promise<string[]>;
+    /**
+     * Optimized findSubjectsWithAccess using batch loading with JOINs.
+     * Reduces N+1 queries to a constant number of queries regardless of subject count.
+     */
+    findSubjectsWithAccess(pathPattern: string, flags: Flags): Promise<string[]>;
+    clear(): Promise<void>;
+    transaction<T>(fn: (adapter: DatabaseAdapter) => Promise<T>): Promise<T>;
+    private prepareStatements;
+    private finalizeStatements;
+}