orchid-orm 1.64.7 → 1.64.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +1 -3
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +2 -4
- package/dist/index.mjs.map +1 -1
- package/dist/migrations/index.js +441 -25
- package/dist/migrations/index.js.map +1 -1
- package/dist/migrations/index.mjs +443 -27
- package/dist/migrations/index.mjs.map +1 -1
- package/dist/migrations/node-postgres.js +441 -25
- package/dist/migrations/node-postgres.js.map +1 -1
- package/dist/migrations/node-postgres.mjs +443 -27
- package/dist/migrations/node-postgres.mjs.map +1 -1
- package/dist/migrations/postgres-js.js +441 -25
- package/dist/migrations/postgres-js.js.map +1 -1
- package/dist/migrations/postgres-js.mjs +443 -27
- package/dist/migrations/postgres-js.mjs.map +1 -1
- package/package.json +5 -5
|
@@ -2166,34 +2166,43 @@ const processTableChange = async (adapter, structureToAstCtx, dbStructure, domai
|
|
|
2166
2166
|
}
|
|
2167
2167
|
};
|
|
2168
2168
|
|
|
2169
|
+
const defaults = {
|
|
2170
|
+
super: false,
|
|
2171
|
+
inherit: false,
|
|
2172
|
+
createRole: false,
|
|
2173
|
+
createDb: false,
|
|
2174
|
+
canLogin: false,
|
|
2175
|
+
replication: false,
|
|
2176
|
+
connLimit: -1,
|
|
2177
|
+
bypassRls: false
|
|
2178
|
+
};
|
|
2169
2179
|
const processRoles = async (ast, dbStructure, { verifying, internal: { roles } }) => {
|
|
2170
2180
|
if (!dbStructure.roles || !roles) return;
|
|
2171
|
-
const codeRoles = roles.map(
|
|
2172
|
-
|
|
2173
|
-
|
|
2174
|
-
|
|
2175
|
-
|
|
2176
|
-
|
|
2177
|
-
|
|
2178
|
-
replication: false,
|
|
2179
|
-
connLimit: -1,
|
|
2180
|
-
bypassRls: false,
|
|
2181
|
-
...role
|
|
2182
|
-
})
|
|
2183
|
-
);
|
|
2181
|
+
const codeRoles = roles.map((role) => {
|
|
2182
|
+
const { defaultPrivileges: _, ...roleWithoutPrivileges } = role;
|
|
2183
|
+
return {
|
|
2184
|
+
...defaults,
|
|
2185
|
+
...roleWithoutPrivileges
|
|
2186
|
+
};
|
|
2187
|
+
});
|
|
2184
2188
|
const found = /* @__PURE__ */ new Set();
|
|
2185
2189
|
const dropRoles = [];
|
|
2186
2190
|
for (const dbRole of dbStructure.roles) {
|
|
2191
|
+
const {
|
|
2192
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
2193
|
+
defaultPrivileges: _,
|
|
2194
|
+
...dbRoleWithoutPrivileges
|
|
2195
|
+
} = dbRole;
|
|
2187
2196
|
const codeRole = codeRoles.find(
|
|
2188
2197
|
(codeRole2) => dbRole.name === codeRole2.name
|
|
2189
2198
|
);
|
|
2190
2199
|
if (codeRole) {
|
|
2191
2200
|
found.add(dbRole.name);
|
|
2192
|
-
if (!pqb.deepCompare(
|
|
2201
|
+
if (!pqb.deepCompare(dbRoleWithoutPrivileges, codeRole)) {
|
|
2193
2202
|
ast.push({
|
|
2194
2203
|
type: "changeRole",
|
|
2195
2204
|
name: dbRole.name,
|
|
2196
|
-
from:
|
|
2205
|
+
from: dbRoleWithoutPrivileges,
|
|
2197
2206
|
to: codeRole
|
|
2198
2207
|
});
|
|
2199
2208
|
}
|
|
@@ -2250,6 +2259,349 @@ const makeRenameOrChangeAst = (dbRole, codeRole) => {
|
|
|
2250
2259
|
}
|
|
2251
2260
|
};
|
|
2252
2261
|
|
|
2262
|
+
const ALL_OBJECT_TYPES = [
|
|
2263
|
+
"TABLES",
|
|
2264
|
+
"SEQUENCES",
|
|
2265
|
+
"FUNCTIONS",
|
|
2266
|
+
"TYPES",
|
|
2267
|
+
"SCHEMAS",
|
|
2268
|
+
"LARGE_OBJECTS"
|
|
2269
|
+
];
|
|
2270
|
+
const createAllObjectConfigs = (isGrantable, schema, supportedPrivileges) => {
|
|
2271
|
+
let types;
|
|
2272
|
+
if (schema) {
|
|
2273
|
+
types = ALL_OBJECT_TYPES.filter(
|
|
2274
|
+
(t) => t !== "SCHEMAS" && t !== "LARGE_OBJECTS"
|
|
2275
|
+
);
|
|
2276
|
+
} else {
|
|
2277
|
+
types = ALL_OBJECT_TYPES.filter((t) => {
|
|
2278
|
+
if (t === "LARGE_OBJECTS") {
|
|
2279
|
+
return supportedPrivileges.PRIVILEGES.LARGE_OBJECT !== void 0;
|
|
2280
|
+
}
|
|
2281
|
+
return true;
|
|
2282
|
+
});
|
|
2283
|
+
}
|
|
2284
|
+
return types.map((object) => ({
|
|
2285
|
+
object,
|
|
2286
|
+
privilegeConfigs: [{ privilege: "ALL", isGrantable }]
|
|
2287
|
+
}));
|
|
2288
|
+
};
|
|
2289
|
+
const objectTypeToKey = {
|
|
2290
|
+
TABLES: "tables",
|
|
2291
|
+
SEQUENCES: "sequences",
|
|
2292
|
+
FUNCTIONS: "functions",
|
|
2293
|
+
TYPES: "types",
|
|
2294
|
+
SCHEMAS: "schemas",
|
|
2295
|
+
LARGE_OBJECTS: "largeObjects"
|
|
2296
|
+
};
|
|
2297
|
+
const splitPrivilegeConfigs = (configs) => {
|
|
2298
|
+
const regular = [];
|
|
2299
|
+
const grantable = [];
|
|
2300
|
+
for (const p of configs) {
|
|
2301
|
+
if (p.isGrantable) {
|
|
2302
|
+
grantable.push(p.privilege);
|
|
2303
|
+
} else {
|
|
2304
|
+
regular.push(p.privilege);
|
|
2305
|
+
}
|
|
2306
|
+
}
|
|
2307
|
+
return { regular, grantable };
|
|
2308
|
+
};
|
|
2309
|
+
const createPrivilegeSetting = (regular, grantable) => {
|
|
2310
|
+
const setting = {};
|
|
2311
|
+
if (regular.length) setting.privileges = regular;
|
|
2312
|
+
if (grantable.length) setting.grantablePrivileges = grantable;
|
|
2313
|
+
return setting;
|
|
2314
|
+
};
|
|
2315
|
+
const collapsePrivileges = (privs, newPrivilegeConfigs, expectedPrivs, isGrantable) => {
|
|
2316
|
+
const hasAll = privs.some((p) => p.privilege === "ALL");
|
|
2317
|
+
const allPresent = hasAll || privs.length > 0 && privs.length === expectedPrivs.length && expectedPrivs.every((priv) => privs.some((p) => p.privilege === priv));
|
|
2318
|
+
if (allPresent) {
|
|
2319
|
+
newPrivilegeConfigs.push({ privilege: "ALL", isGrantable });
|
|
2320
|
+
} else if (privs.length > 0) {
|
|
2321
|
+
newPrivilegeConfigs.push(...privs);
|
|
2322
|
+
}
|
|
2323
|
+
};
|
|
2324
|
+
const collapsePrivilegesToAll = (privilege, objectTypeToAllPrivileges) => {
|
|
2325
|
+
const collapsedObjectConfigs = privilege.objectConfigs.map(
|
|
2326
|
+
(objConfig) => {
|
|
2327
|
+
const allPrivileges = objectTypeToAllPrivileges[objConfig.object];
|
|
2328
|
+
const expectedPrivs = allPrivileges.filter((p) => p !== "ALL");
|
|
2329
|
+
const regularPrivs = [];
|
|
2330
|
+
const grantablePrivs = [];
|
|
2331
|
+
for (const p of objConfig.privilegeConfigs) {
|
|
2332
|
+
if (p.isGrantable) {
|
|
2333
|
+
grantablePrivs.push(p);
|
|
2334
|
+
} else {
|
|
2335
|
+
regularPrivs.push(p);
|
|
2336
|
+
}
|
|
2337
|
+
}
|
|
2338
|
+
const newPrivilegeConfigs = [];
|
|
2339
|
+
collapsePrivileges(
|
|
2340
|
+
regularPrivs,
|
|
2341
|
+
newPrivilegeConfigs,
|
|
2342
|
+
expectedPrivs,
|
|
2343
|
+
false
|
|
2344
|
+
);
|
|
2345
|
+
collapsePrivileges(
|
|
2346
|
+
grantablePrivs,
|
|
2347
|
+
newPrivilegeConfigs,
|
|
2348
|
+
expectedPrivs,
|
|
2349
|
+
true
|
|
2350
|
+
);
|
|
2351
|
+
return {
|
|
2352
|
+
object: objConfig.object,
|
|
2353
|
+
privilegeConfigs: newPrivilegeConfigs
|
|
2354
|
+
};
|
|
2355
|
+
}
|
|
2356
|
+
);
|
|
2357
|
+
return {
|
|
2358
|
+
owner: privilege.owner,
|
|
2359
|
+
grantee: privilege.grantee,
|
|
2360
|
+
schema: privilege.schema,
|
|
2361
|
+
objectConfigs: collapsedObjectConfigs
|
|
2362
|
+
};
|
|
2363
|
+
};
|
|
2364
|
+
const privilegeConfigsMatch = (a, b, objectType, objectTypeToAllPrivileges) => {
|
|
2365
|
+
if (a.privilege === b.privilege && a.isGrantable === b.isGrantable) {
|
|
2366
|
+
return true;
|
|
2367
|
+
}
|
|
2368
|
+
const allPrivileges = objectTypeToAllPrivileges[objectType];
|
|
2369
|
+
const expectedPrivs = allPrivileges.filter((p) => p !== "ALL");
|
|
2370
|
+
if (a.privilege === "ALL" && a.isGrantable === b.isGrantable) {
|
|
2371
|
+
return expectedPrivs.includes(b.privilege);
|
|
2372
|
+
}
|
|
2373
|
+
if (b.privilege === "ALL" && a.isGrantable === b.isGrantable) {
|
|
2374
|
+
return expectedPrivs.includes(a.privilege);
|
|
2375
|
+
}
|
|
2376
|
+
return false;
|
|
2377
|
+
};
|
|
2378
|
+
const normalizeRoleName = (name) => {
|
|
2379
|
+
if (name.startsWith('"') && name.endsWith('"')) {
|
|
2380
|
+
return name.slice(1, -1);
|
|
2381
|
+
}
|
|
2382
|
+
return name;
|
|
2383
|
+
};
|
|
2384
|
+
const processPrivilegeConfig = (config, objectType) => {
|
|
2385
|
+
if (!config) return;
|
|
2386
|
+
const privilegeConfigs = [];
|
|
2387
|
+
if (config.privileges) {
|
|
2388
|
+
for (const p of config.privileges) {
|
|
2389
|
+
privilegeConfigs.push({ privilege: p, isGrantable: false });
|
|
2390
|
+
}
|
|
2391
|
+
}
|
|
2392
|
+
if (config.grantablePrivileges) {
|
|
2393
|
+
for (const p of config.grantablePrivileges) {
|
|
2394
|
+
privilegeConfigs.push({ privilege: p, isGrantable: true });
|
|
2395
|
+
}
|
|
2396
|
+
}
|
|
2397
|
+
if (privilegeConfigs.length) {
|
|
2398
|
+
return { object: objectType, privilegeConfigs };
|
|
2399
|
+
}
|
|
2400
|
+
return;
|
|
2401
|
+
};
|
|
2402
|
+
const hasAnyPrivilege = (obj) => {
|
|
2403
|
+
if (!obj) return false;
|
|
2404
|
+
for (const key of ALL_OBJECT_TYPES) {
|
|
2405
|
+
const setting = obj[objectTypeToKey[key]];
|
|
2406
|
+
if (setting?.privileges?.length || setting?.grantablePrivileges?.length) {
|
|
2407
|
+
return true;
|
|
2408
|
+
}
|
|
2409
|
+
}
|
|
2410
|
+
return false;
|
|
2411
|
+
};
|
|
2412
|
+
const processDefaultPrivileges = (ast, dbStructure, { internal: { roles } }) => {
|
|
2413
|
+
if (!dbStructure.defaultPrivileges || !roles) return;
|
|
2414
|
+
const supportedPrivileges = pqb.getSupportedDefaultPrivileges(
|
|
2415
|
+
dbStructure.version
|
|
2416
|
+
);
|
|
2417
|
+
const objectTypeToAllPrivileges = {};
|
|
2418
|
+
objectTypeToAllPrivileges.TABLES = supportedPrivileges.PRIVILEGES.TABLE;
|
|
2419
|
+
objectTypeToAllPrivileges.SEQUENCES = supportedPrivileges.PRIVILEGES.SEQUENCE;
|
|
2420
|
+
objectTypeToAllPrivileges.FUNCTIONS = supportedPrivileges.PRIVILEGES.FUNCTION;
|
|
2421
|
+
objectTypeToAllPrivileges.TYPES = supportedPrivileges.PRIVILEGES.TYPE;
|
|
2422
|
+
objectTypeToAllPrivileges.SCHEMAS = supportedPrivileges.PRIVILEGES.SCHEMA;
|
|
2423
|
+
if (supportedPrivileges.PRIVILEGES.LARGE_OBJECT) {
|
|
2424
|
+
objectTypeToAllPrivileges.LARGE_OBJECTS = supportedPrivileges.PRIVILEGES.LARGE_OBJECT;
|
|
2425
|
+
}
|
|
2426
|
+
const codePrivileges = /* @__PURE__ */ new Map();
|
|
2427
|
+
for (const role of roles) {
|
|
2428
|
+
if (!role.defaultPrivileges) continue;
|
|
2429
|
+
for (const privilege of role.defaultPrivileges) {
|
|
2430
|
+
const key = `${role.name}.${privilege.schema}`;
|
|
2431
|
+
const objectConfigs = [];
|
|
2432
|
+
if (privilege.allGrantable) {
|
|
2433
|
+
objectConfigs.push(
|
|
2434
|
+
...createAllObjectConfigs(
|
|
2435
|
+
true,
|
|
2436
|
+
privilege.schema,
|
|
2437
|
+
supportedPrivileges
|
|
2438
|
+
)
|
|
2439
|
+
);
|
|
2440
|
+
} else if (privilege.all) {
|
|
2441
|
+
objectConfigs.push(
|
|
2442
|
+
...createAllObjectConfigs(
|
|
2443
|
+
false,
|
|
2444
|
+
privilege.schema,
|
|
2445
|
+
supportedPrivileges
|
|
2446
|
+
)
|
|
2447
|
+
);
|
|
2448
|
+
}
|
|
2449
|
+
for (const objectType of ALL_OBJECT_TYPES) {
|
|
2450
|
+
if (privilege.schema && (objectType === "SCHEMAS" || objectType === "LARGE_OBJECTS")) {
|
|
2451
|
+
continue;
|
|
2452
|
+
}
|
|
2453
|
+
if (objectType === "LARGE_OBJECTS" && !supportedPrivileges.PRIVILEGES.LARGE_OBJECT) {
|
|
2454
|
+
continue;
|
|
2455
|
+
}
|
|
2456
|
+
const key2 = objectTypeToKey[objectType];
|
|
2457
|
+
if (key2 in privilege) {
|
|
2458
|
+
const config = privilege[key2];
|
|
2459
|
+
const processed = processPrivilegeConfig(config, objectType);
|
|
2460
|
+
if (processed) {
|
|
2461
|
+
const existingIndex = objectConfigs.findIndex(
|
|
2462
|
+
(o) => o.object === objectType
|
|
2463
|
+
);
|
|
2464
|
+
if (existingIndex >= 0) {
|
|
2465
|
+
objectConfigs[existingIndex] = processed;
|
|
2466
|
+
} else {
|
|
2467
|
+
objectConfigs.push(processed);
|
|
2468
|
+
}
|
|
2469
|
+
}
|
|
2470
|
+
}
|
|
2471
|
+
}
|
|
2472
|
+
if (objectConfigs.length) {
|
|
2473
|
+
codePrivileges.set(key, {
|
|
2474
|
+
owner: void 0,
|
|
2475
|
+
grantee: role.name,
|
|
2476
|
+
schema: privilege.schema,
|
|
2477
|
+
objectConfigs
|
|
2478
|
+
});
|
|
2479
|
+
}
|
|
2480
|
+
}
|
|
2481
|
+
}
|
|
2482
|
+
const found = /* @__PURE__ */ new Set();
|
|
2483
|
+
for (const dbPrivilege of dbStructure.defaultPrivileges) {
|
|
2484
|
+
const grantee = normalizeRoleName(dbPrivilege.grantee);
|
|
2485
|
+
if (grantee === "postgres") continue;
|
|
2486
|
+
const key = `${grantee}.${dbPrivilege.schema}`;
|
|
2487
|
+
const codePrivilege = codePrivileges.get(key);
|
|
2488
|
+
if (codePrivilege) {
|
|
2489
|
+
found.add(key);
|
|
2490
|
+
const grant = {};
|
|
2491
|
+
const revoke = {};
|
|
2492
|
+
for (const objectType of ALL_OBJECT_TYPES) {
|
|
2493
|
+
if (objectType === "LARGE_OBJECTS" && !supportedPrivileges.PRIVILEGES.LARGE_OBJECT) {
|
|
2494
|
+
continue;
|
|
2495
|
+
}
|
|
2496
|
+
const dbObj = dbPrivilege.objectConfigs.find(
|
|
2497
|
+
(o) => o.object === objectType
|
|
2498
|
+
);
|
|
2499
|
+
const codeObj = codePrivilege.objectConfigs.find(
|
|
2500
|
+
(o) => o.object === objectType
|
|
2501
|
+
);
|
|
2502
|
+
const dbPrivs = dbObj?.privilegeConfigs ?? [];
|
|
2503
|
+
const codePrivs = codeObj?.privilegeConfigs ?? [];
|
|
2504
|
+
const collapsedDbPrivilege = {
|
|
2505
|
+
owner: dbPrivilege.owner,
|
|
2506
|
+
grantee: dbPrivilege.grantee,
|
|
2507
|
+
schema: dbPrivilege.schema,
|
|
2508
|
+
objectConfigs: [{ object: objectType, privilegeConfigs: dbPrivs }]
|
|
2509
|
+
};
|
|
2510
|
+
const collapsedDbObj = collapsePrivilegesToAll(
|
|
2511
|
+
collapsedDbPrivilege,
|
|
2512
|
+
objectTypeToAllPrivileges
|
|
2513
|
+
).objectConfigs[0];
|
|
2514
|
+
const collapsedDbPrivs = collapsedDbObj?.privilegeConfigs ?? [];
|
|
2515
|
+
const toGrant = codePrivs.filter(
|
|
2516
|
+
(cp) => !collapsedDbPrivs.some(
|
|
2517
|
+
(dp) => privilegeConfigsMatch(
|
|
2518
|
+
cp,
|
|
2519
|
+
dp,
|
|
2520
|
+
objectType,
|
|
2521
|
+
objectTypeToAllPrivileges
|
|
2522
|
+
)
|
|
2523
|
+
)
|
|
2524
|
+
);
|
|
2525
|
+
const toRevoke = dbPrivs.filter(
|
|
2526
|
+
(dp) => !codePrivs.some(
|
|
2527
|
+
(cp) => privilegeConfigsMatch(
|
|
2528
|
+
cp,
|
|
2529
|
+
dp,
|
|
2530
|
+
objectType,
|
|
2531
|
+
objectTypeToAllPrivileges
|
|
2532
|
+
)
|
|
2533
|
+
)
|
|
2534
|
+
);
|
|
2535
|
+
if (toGrant.length) {
|
|
2536
|
+
const { regular, grantable } = splitPrivilegeConfigs(toGrant);
|
|
2537
|
+
const setting = createPrivilegeSetting(regular, grantable);
|
|
2538
|
+
if (setting.privileges || setting.grantablePrivileges) {
|
|
2539
|
+
grant[objectTypeToKey[objectType]] = setting;
|
|
2540
|
+
}
|
|
2541
|
+
}
|
|
2542
|
+
if (toRevoke.length) {
|
|
2543
|
+
const { regular, grantable } = splitPrivilegeConfigs(toRevoke);
|
|
2544
|
+
const setting = createPrivilegeSetting(regular, grantable);
|
|
2545
|
+
if (setting.privileges || setting.grantablePrivileges) {
|
|
2546
|
+
revoke[objectTypeToKey[objectType]] = setting;
|
|
2547
|
+
}
|
|
2548
|
+
}
|
|
2549
|
+
}
|
|
2550
|
+
const hasGrant = hasAnyPrivilege(grant);
|
|
2551
|
+
const hasRevoke = hasAnyPrivilege(revoke);
|
|
2552
|
+
if (hasGrant || hasRevoke) {
|
|
2553
|
+
ast.push({
|
|
2554
|
+
type: "defaultPrivilege",
|
|
2555
|
+
grantee,
|
|
2556
|
+
schema: dbPrivilege.schema,
|
|
2557
|
+
grant: hasGrant ? grant : void 0,
|
|
2558
|
+
revoke: hasRevoke ? revoke : void 0
|
|
2559
|
+
});
|
|
2560
|
+
}
|
|
2561
|
+
} else {
|
|
2562
|
+
const revoke = {};
|
|
2563
|
+
for (const obj of dbPrivilege.objectConfigs) {
|
|
2564
|
+
const { regular, grantable } = splitPrivilegeConfigs(
|
|
2565
|
+
obj.privilegeConfigs
|
|
2566
|
+
);
|
|
2567
|
+
const setting = createPrivilegeSetting(regular, grantable);
|
|
2568
|
+
if (setting.privileges || setting.grantablePrivileges) {
|
|
2569
|
+
revoke[objectTypeToKey[obj.object]] = setting;
|
|
2570
|
+
}
|
|
2571
|
+
}
|
|
2572
|
+
if (hasAnyPrivilege(revoke)) {
|
|
2573
|
+
ast.push({
|
|
2574
|
+
type: "defaultPrivilege",
|
|
2575
|
+
grantee,
|
|
2576
|
+
schema: dbPrivilege.schema,
|
|
2577
|
+
revoke
|
|
2578
|
+
});
|
|
2579
|
+
}
|
|
2580
|
+
}
|
|
2581
|
+
}
|
|
2582
|
+
for (const [key, codePrivilege] of codePrivileges) {
|
|
2583
|
+
if (found.has(key)) continue;
|
|
2584
|
+
const grant = {};
|
|
2585
|
+
for (const obj of codePrivilege.objectConfigs) {
|
|
2586
|
+
const { regular, grantable } = splitPrivilegeConfigs(
|
|
2587
|
+
obj.privilegeConfigs
|
|
2588
|
+
);
|
|
2589
|
+
const setting = createPrivilegeSetting(regular, grantable);
|
|
2590
|
+
if (setting.privileges || setting.grantablePrivileges) {
|
|
2591
|
+
grant[objectTypeToKey[obj.object]] = setting;
|
|
2592
|
+
}
|
|
2593
|
+
}
|
|
2594
|
+
if (hasAnyPrivilege(grant)) {
|
|
2595
|
+
ast.push({
|
|
2596
|
+
type: "defaultPrivilege",
|
|
2597
|
+
grantee: codePrivilege.grantee,
|
|
2598
|
+
schema: codePrivilege.schema,
|
|
2599
|
+
grant
|
|
2600
|
+
});
|
|
2601
|
+
}
|
|
2602
|
+
}
|
|
2603
|
+
};
|
|
2604
|
+
|
|
2253
2605
|
class PendingDbTypes {
|
|
2254
2606
|
constructor() {
|
|
2255
2607
|
this.set = /* @__PURE__ */ new Set();
|
|
@@ -2261,6 +2613,7 @@ class PendingDbTypes {
|
|
|
2261
2613
|
const composeMigration = async (adapter, config, ast, dbStructure, params) => {
|
|
2262
2614
|
const { structureToAstCtx, currentSchema } = params;
|
|
2263
2615
|
await processRoles(ast, dbStructure, params);
|
|
2616
|
+
processDefaultPrivileges(ast, dbStructure, params);
|
|
2264
2617
|
const domainsMap = rakeDb.makeDomainsMap(structureToAstCtx, dbStructure);
|
|
2265
2618
|
await processSchemas(ast, dbStructure, params);
|
|
2266
2619
|
processExtensions(ast, dbStructure, params);
|
|
@@ -2287,7 +2640,7 @@ const composeMigration = async (adapter, config, ast, dbStructure, params) => {
|
|
|
2287
2640
|
};
|
|
2288
2641
|
|
|
2289
2642
|
const rollbackErr = new Error("Rollback");
|
|
2290
|
-
const verifyMigration = async (adapter, config, migrationCode, generateMigrationParams, roles) => {
|
|
2643
|
+
const verifyMigration = async (adapter, config, migrationCode, generateMigrationParams, roles, defaultPrivileges) => {
|
|
2291
2644
|
const migrationFn = new Function("change", migrationCode);
|
|
2292
2645
|
let code;
|
|
2293
2646
|
try {
|
|
@@ -2304,7 +2657,8 @@ const verifyMigration = async (adapter, config, migrationCode, generateMigration
|
|
|
2304
2657
|
await changeFn(db, true);
|
|
2305
2658
|
}
|
|
2306
2659
|
const dbStructure = await rakeDb.introspectDbSchema(trx, {
|
|
2307
|
-
roles
|
|
2660
|
+
roles,
|
|
2661
|
+
loadDefaultPrivileges: defaultPrivileges?.loadDefaultPrivileges
|
|
2308
2662
|
});
|
|
2309
2663
|
generateMigrationParams.verifying = true;
|
|
2310
2664
|
try {
|
|
@@ -2633,12 +2987,59 @@ const report = (ast, config, currentSchema) => {
|
|
|
2633
2987
|
);
|
|
2634
2988
|
break;
|
|
2635
2989
|
case "renameRole":
|
|
2636
|
-
code.push(
|
|
2637
|
-
`${yellow("~ rename role")} ${a.from} ${yellow("=>")} ${a.to}`
|
|
2638
|
-
);
|
|
2639
|
-
break;
|
|
2640
2990
|
case "changeRole": {
|
|
2641
|
-
|
|
2991
|
+
if (a.type === "renameRole") {
|
|
2992
|
+
code.push(
|
|
2993
|
+
`${yellow("~ rename role")} ${a.from} ${yellow("=>")} ${a.to}`
|
|
2994
|
+
);
|
|
2995
|
+
} else {
|
|
2996
|
+
code.push(`${yellow("~ change role")} ${a.name}`);
|
|
2997
|
+
}
|
|
2998
|
+
break;
|
|
2999
|
+
}
|
|
3000
|
+
case "defaultPrivilege": {
|
|
3001
|
+
const mapPrivilege = (p) => p === "ALL" ? "ALL PRIVILEGES" : p;
|
|
3002
|
+
const schema = a.schema ? ` in schema ${pqb.colors.pale(a.schema)}` : ` ${pqb.colors.pale("in all schemas")}`;
|
|
3003
|
+
const parts = [];
|
|
3004
|
+
if (a.grant) {
|
|
3005
|
+
for (const [objType, config2] of Object.entries(a.grant)) {
|
|
3006
|
+
if (!config2) continue;
|
|
3007
|
+
const type = objType.replace(/([A-Z])/g, " $1").toLowerCase();
|
|
3008
|
+
if (config2.privileges?.length) {
|
|
3009
|
+
parts.push(
|
|
3010
|
+
`${green("+ grant default privileges")} ${config2.privileges.map(mapPrivilege).join(", ")} on ${type} to ${a.grantee}${schema}`
|
|
3011
|
+
);
|
|
3012
|
+
}
|
|
3013
|
+
if (config2.grantablePrivileges?.length) {
|
|
3014
|
+
parts.push(
|
|
3015
|
+
`${green(
|
|
3016
|
+
"+ grant default privileges"
|
|
3017
|
+
)} ${config2.grantablePrivileges.map(mapPrivilege).join(", ")} on ${type} with grant option to ${a.grantee}${schema}`
|
|
3018
|
+
);
|
|
3019
|
+
}
|
|
3020
|
+
}
|
|
3021
|
+
}
|
|
3022
|
+
if (a.revoke) {
|
|
3023
|
+
for (const [objType, config2] of Object.entries(a.revoke)) {
|
|
3024
|
+
if (!config2) continue;
|
|
3025
|
+
const type = objType.replace(/([A-Z])/g, " $1").toLowerCase();
|
|
3026
|
+
if (config2.privileges?.length) {
|
|
3027
|
+
parts.push(
|
|
3028
|
+
`${red("- revoke default privileges")} ${config2.privileges.map(mapPrivilege).join(", ")} on ${type} from ${a.grantee}${schema}`
|
|
3029
|
+
);
|
|
3030
|
+
}
|
|
3031
|
+
if (config2.grantablePrivileges?.length) {
|
|
3032
|
+
parts.push(
|
|
3033
|
+
`${red(
|
|
3034
|
+
"- revoke default privileges"
|
|
3035
|
+
)} ${config2.grantablePrivileges.map(mapPrivilege).join(", ")} on ${type} with grant option from ${a.grantee}${schema}`
|
|
3036
|
+
);
|
|
3037
|
+
}
|
|
3038
|
+
}
|
|
3039
|
+
}
|
|
3040
|
+
if (parts.length) {
|
|
3041
|
+
code.push(parts.join("\n"));
|
|
3042
|
+
}
|
|
2642
3043
|
break;
|
|
2643
3044
|
}
|
|
2644
3045
|
default:
|
|
@@ -2677,6 +3078,7 @@ const generate = async (adapters, config, args, afterPull) => {
|
|
|
2677
3078
|
adapters,
|
|
2678
3079
|
config,
|
|
2679
3080
|
rolesDbStructureParam,
|
|
3081
|
+
internal.roles ? { loadDefaultPrivileges: true } : void 0,
|
|
2680
3082
|
afterPull
|
|
2681
3083
|
);
|
|
2682
3084
|
const [adapter] = adapters;
|
|
@@ -2718,7 +3120,8 @@ const generate = async (adapters, config, args, afterPull) => {
|
|
|
2718
3120
|
config,
|
|
2719
3121
|
migrationCode,
|
|
2720
3122
|
generateMigrationParams,
|
|
2721
|
-
rolesDbStructureParam
|
|
3123
|
+
rolesDbStructureParam,
|
|
3124
|
+
internal.roles ? { loadDefaultPrivileges: true } : void 0
|
|
2722
3125
|
);
|
|
2723
3126
|
if (result !== void 0) {
|
|
2724
3127
|
throw new Error(
|
|
@@ -2776,10 +3179,12 @@ const getDbFromConfig = async (config, dbPath) => {
|
|
|
2776
3179
|
}
|
|
2777
3180
|
return db;
|
|
2778
3181
|
};
|
|
2779
|
-
const migrateAndPullStructures = async (adapters, config, roles, afterPull) => {
|
|
3182
|
+
const migrateAndPullStructures = async (adapters, config, roles, defaultPrivileges, afterPull) => {
|
|
2780
3183
|
if (afterPull) {
|
|
3184
|
+
const version = await rakeDb.getDbVersion(adapters[0]);
|
|
2781
3185
|
return {
|
|
2782
3186
|
dbStructure: {
|
|
3187
|
+
version,
|
|
2783
3188
|
schemas: [],
|
|
2784
3189
|
tables: [],
|
|
2785
3190
|
views: [],
|
|
@@ -2800,7 +3205,8 @@ const migrateAndPullStructures = async (adapters, config, roles, afterPull) => {
|
|
|
2800
3205
|
const dbStructures = await Promise.all(
|
|
2801
3206
|
adapters.map(
|
|
2802
3207
|
(adapter) => rakeDb.introspectDbSchema(adapter, {
|
|
2803
|
-
roles
|
|
3208
|
+
roles,
|
|
3209
|
+
loadDefaultPrivileges: defaultPrivileges?.loadDefaultPrivileges
|
|
2804
3210
|
})
|
|
2805
3211
|
)
|
|
2806
3212
|
);
|
|
@@ -2853,6 +3259,7 @@ const getActualItems = async (db, currentSchema, internal, columnTypes) => {
|
|
|
2853
3259
|
tables: [],
|
|
2854
3260
|
domains: []
|
|
2855
3261
|
};
|
|
3262
|
+
codeItems.schemas.add(currentSchema);
|
|
2856
3263
|
const domains = /* @__PURE__ */ new Map();
|
|
2857
3264
|
for (const key in db) {
|
|
2858
3265
|
if (key[0] === "$") continue;
|
|
@@ -2927,6 +3334,15 @@ const getActualItems = async (db, currentSchema, internal, columnTypes) => {
|
|
|
2927
3334
|
codeItems.schemas.add(domain.schemaName);
|
|
2928
3335
|
codeItems.domains.push(domain);
|
|
2929
3336
|
}
|
|
3337
|
+
if (internal.roles) {
|
|
3338
|
+
for (const role of internal.roles) {
|
|
3339
|
+
if (role.defaultPrivileges) {
|
|
3340
|
+
for (const privilege of role.defaultPrivileges) {
|
|
3341
|
+
if (privilege.schema) codeItems.schemas.add(privilege.schema);
|
|
3342
|
+
}
|
|
3343
|
+
}
|
|
3344
|
+
}
|
|
3345
|
+
}
|
|
2930
3346
|
return codeItems;
|
|
2931
3347
|
};
|
|
2932
3348
|
const processEnumColumn = (column, currentSchema, codeItems) => {
|