prostgles-server 4.2.160 → 4.2.162

package/lib/PubSubManager/initPubSubManager.ts

@@ -0,0 +1,79 @@
+import { isDefined, isObject } from "prostgles-types";
+import { PostgresNotifListenManager } from "../PostgresNotifListenManager";
+import { getWatchSchemaTagList } from "../SchemaWatch/getWatchSchemaTagList";
+import { NOTIF_CHANNEL, PubSubManager, asValue } from "./PubSubManager";
+import { getPubSubManagerInitQuery } from "./getPubSubManagerInitQuery";
+export const REALTIME_TRIGGER_CHECK_QUERY = "prostgles-server internal query used to manage realtime triggers" as const;  
+
+export const tout = (ms: number) => new Promise(res => setTimeout(res, ms));
+
+export async function initPubSubManager(this: PubSubManager): Promise<PubSubManager | undefined> {
+  if (!this.getIsDestroyed()) return undefined;
+
+  const initQuery = await getPubSubManagerInitQuery.bind(this.dboBuilder)();
+
+  /**
+   * High database activity might cause deadlocks.
+   * Must retry
+  */
+  let didDeadlock = false;
+  let tries = 3;
+  let error: any;
+  while (isDefined(initQuery) && tries > 0) {
+    try {
+      /** Try to reduce race condition deadlocks due to multiple clients connecting at the same time */
+      await tout(Math.random());
+
+      // await this.dboBuilder.runClientTransactionStatement(initQuery);// this.db.tx(t => t.any(initQuery));
+      await this.db.tx(t => t.any(initQuery));
+      error = undefined;
+      tries = 0;
+    } catch (e: any) {
+      if(!didDeadlock && isObject(e) && e.code === "40P01"){
+        didDeadlock = true;
+        tries = 5;
+        console.error("Deadlock detected. Retrying...");
+      }
+      error = e;
+      tries --;
+    }
+  }
+  if(error){
+    throw error;
+  }
+
+  if (!this.getIsDestroyed()) return;
+
+  /* Prepare App id */
+  if (!this.appInfoWasInserted) {
+    this.appInfoWasInserted = true;
+    const check_frequency_ms = this.appCheckFrequencyMS;
+    const watching_schema_tag_names = this.dboBuilder.prostgles.schemaWatch?.type.watchType !== "NONE" ? getWatchSchemaTagList(this.dboBuilder.prostgles.opts.watchSchema) : null;
+    await this.db.one(
+      "INSERT INTO prostgles.apps (id, check_frequency_ms, watching_schema_tag_names, application_name) \
+      VALUES($1, $2, $3, current_setting('application_name')) \
+      RETURNING *; "
+      , [
+        this.appId,
+        check_frequency_ms,
+        watching_schema_tag_names
+      ]
+    );
+
+    const appRecord = await this.db.one("SELECT * FROM prostgles.apps WHERE id = $1", [this.appId]);
+    if (!appRecord || !appRecord.application_name?.includes(this.appId)) {
+      throw `initPubSubManager error: App record with application_name containing appId (${this.appId}) not found`;
+    }
+
+    await this.db.any(`
+      DELETE FROM prostgles.app_triggers
+      WHERE app_id = ${asValue(this.appId)}
+    `);
+  }
+
+  this.postgresNotifListenManager = new PostgresNotifListenManager(this.db, this.notifListener, NOTIF_CHANNEL.getFull(this.appId));
+
+  await this.initialiseEventTriggers();
+
+  return this;
+}

package/lib/PubSubManager/notifListener.ts

@@ -0,0 +1,173 @@
+import { log, NOTIF_TYPE, pickKeys, PubSubManager } from "./PubSubManager";
+
+/* Relay relevant data to relevant subscriptions */
+export async function notifListener(this: PubSubManager, data: { payload: string }) {
+  const str = data.payload;
+
+  if (!str) {
+    console.error("Unexpected Empty notif")
+    return;
+  }
+
+  const dataArr = str.split(PubSubManager.DELIMITER);
+  const notifType = dataArr[0];
+
+  log(str);
+
+  if (notifType === NOTIF_TYPE.schema) {
+
+    if (this.dboBuilder.prostgles.schemaWatch?.onSchemaChange) {
+      const [_, command, _event_type, query] = dataArr;
+      await this.dboBuilder.prostgles.opts.onLog?.({ type: "debug", command: "schemaChangeNotif", duration: 0, data: { command, query } });
+
+      if (query && command) {
+        this.dboBuilder.prostgles.schemaWatch.onSchemaChange({ command, query })
+      }
+    }
+
+    return;
+  } else if(notifType === NOTIF_TYPE.data_trigger_change) {
+    
+    await this.refreshTriggers();
+    return;
+  }
+
+  if (notifType !== NOTIF_TYPE.data) {
+    console.error("Unexpected notif type: ", notifType);
+    return;
+  }
+
+  if (dataArr.length < 3) {
+    throw "notifListener: dataArr length < 3"
+  }
+  
+  const [_, table_name, op_name, condition_ids_str] = dataArr;
+  const condition_ids = condition_ids_str?.split(",").map(v => +v);
+  
+  
+  if(!table_name) {
+    throw "table_name undef";
+  }
+
+  const tableTriggerConditions = this._triggers?.[table_name]?.map((condition, idx) => ({
+    idx,
+    condition,
+    subs: this.getTriggerSubs(table_name, condition),
+    syncs: this.getSyncs(table_name, condition),
+  }));
+  let state: "error" | "no-triggers" | "ok" | "invalid_condition_ids" = "ok";
+  
+  // const triggers = await this.db.any("SELECT * FROM prostgles.triggers WHERE table_name = $1 AND id IN ($2:csv)", [table_name, condition_ids_str.split(",").map(v => +v)]);
+  // const conditions: string[] = triggers.map(t => t.condition);
+  
+
+  if(!tableTriggerConditions?.length){
+    state = "no-triggers";
+
+    /* Trigger error */
+  } else if (
+    condition_ids_str?.startsWith("error")
+  ) {
+    state = "error";
+    const pref = "INTERNAL ERROR";
+    console.error(`${pref}: condition_ids_str: ${condition_ids_str}`)
+    tableTriggerConditions.map(({ condition }) => {
+      const subs = this.getTriggerSubs(table_name, condition);
+      subs.map(s => {
+        this.pushSubData(s, pref + ". Check server logs. Schema might have changed");
+      })
+    });
+
+    /* Trigger ok */
+  } else if (
+    condition_ids?.every(id => Number.isInteger(id))
+  ) {
+
+    state = "ok";
+    const firedTableConditions = tableTriggerConditions.filter(({ idx }) => condition_ids.includes(idx));
+    const orphanedTableConditions = condition_ids.filter((condId) => {
+      const tc = tableTriggerConditions.at(condId);
+      return !tc || (tc.subs.length === 0 && tc.syncs.length === 0);
+    });
+    if(orphanedTableConditions.length){
+      this.db
+        .any(`
+          /* Delete removed subscriptions */
+          /* ${PubSubManager.EXCLUDE_QUERY_FROM_SCHEMA_WATCH_ID} */
+          DELETE FROM prostgles.app_triggers at
+          WHERE EXISTS (
+            SELECT 1
+            FROM prostgles.v_triggers t
+            WHERE t.table_name = $1 
+            AND t.c_id IN ($2:csv) 
+            AND t.app_id = $3
+            AND at.app_id = t.app_id
+            AND at.table_name = t.table_name
+            AND at.condition = t.condition
+          ) 
+          `, 
+          [table_name, orphanedTableConditions, this.appId]
+        )
+        .then(() => {
+          this.refreshTriggers();
+        })
+        .catch(e => {
+          console.error("Error deleting orphaned triggers", e);
+        });
+    }
+
+    firedTableConditions.map(({ subs, syncs }) => {
+
+      log("notifListener", subs.map(s => s.channel_name), syncs.map(s => s.channel_name))
+
+      syncs.map((s) => {
+        this.syncData(s, undefined, "trigger");
+      });
+
+      /* Throttle the subscriptions */
+      const activeAndReadySubs = subs.filter(sub => 
+        sub.triggers.some(trg => 
+          this.dbo[trg.table_name] &&
+          sub.is_ready &&
+          (sub.socket_id && this.sockets[sub.socket_id] || sub.localFuncs)
+        )
+      );
+      activeAndReadySubs.forEach(sub => {
+        const { throttle = 0, throttleOpts } = sub;
+        if (!throttleOpts?.skipFirst && sub.last_throttled <= Date.now() - throttle) {
+          sub.last_throttled = Date.now();
+
+          /* It is assumed the policy was checked before this point */
+          this.pushSubData(sub);
+        } else if (!sub.is_throttling) {
+
+          log("throttling sub")
+          sub.is_throttling = setTimeout(() => {
+            log("throttling finished. pushSubData...")
+            sub.is_throttling = null;
+            sub.last_throttled = Date.now();
+            this.pushSubData(sub);
+          }, throttle);
+        }
+      });
+
+    });
+
+    /* Trigger unknown issue */
+  } else {
+    state = "invalid_condition_ids";
+  }
+
+  await this._log({ 
+    type: "sync",
+    command: "notifListener",
+    state,
+    tableName: table_name, 
+    op_name, 
+    condition_ids_str,
+    tableTriggers: this._triggers?.[table_name],
+    tableSyncs: JSON.stringify(this.syncs.filter(s => s.table_name === table_name).map(s => pickKeys(s, ["condition", "socket_id"]))),
+    connectedSocketIds: this.connectedSocketIds,
+  });
+
+}

package/lib/PubSubManager/orphanTriggerCheck.ts

@@ -0,0 +1,70 @@
+import { PubSubManager } from './PubSubManager';
+import { REALTIME_TRIGGER_CHECK_QUERY } from "./initPubSubManager";
+
+/**
+ * Schema and Data watch triggers (DB_OBJ_NAMES.schema_watch_func, DB_OBJ_NAMES.data_watch_func) 
+ * survive and continue to user resources even after the client disconnects.
+ * We must therefore delete apps that do not have active connections
+ */
+
+const queryIdentifier = "prostgles query used to keep track of which prgl backend clients are still connected";
+const connectedApplicationNamesQuery = `
+  SELECT DISTINCT application_name
+  FROM prostgles.apps 
+  WHERE application_name IN (
+    SELECT application_name 
+    FROM pg_catalog.pg_stat_activity
+  )
+`; 
+
+export const DELETE_DISCONNECTED_APPS_QUERY = `
+  DELETE FROM prostgles.apps a
+  WHERE NOT EXISTS (
+    SELECT 1
+    FROM pg_catalog.pg_stat_activity s
+    WHERE s.application_name = a.application_name
+  )
+`;
+
+/** It is a function to prevent undefined EXCLUDE_QUERY_FROM_SCHEMA_WATCH_ID */
+export const getAppCheckQuery = () => `
+  /* 
+    ${queryIdentifier}
+    ${REALTIME_TRIGGER_CHECK_QUERY} 
+    ${PubSubManager.EXCLUDE_QUERY_FROM_SCHEMA_WATCH_ID}
+  */
+  IF
+    /* prostgles schema must exist */
+    EXISTS (
+      SELECT 1 
+      FROM information_schema.tables 
+      WHERE  table_schema = 'prostgles'
+      AND    table_name   = 'apps'
+    )
+    /* Ensure we don't check in paralel */
+    AND NOT EXISTS (
+      SELECT 1
+      FROM pg_catalog.pg_stat_activity s
+      WHERE s.query ilike '%${queryIdentifier}%'
+      AND s.state = 'active'
+    )
+  THEN 
+
+    IF EXISTS (
+      ${connectedApplicationNamesQuery}
+    ) THEN
+
+      /* Remove disconnected apps */
+      WITH deleted_apps AS (
+        ${DELETE_DISCONNECTED_APPS_QUERY}
+        RETURNING a.id
+      )
+      DELETE FROM prostgles.app_triggers
+      WHERE app_id IN (
+        SELECT id 
+        FROM deleted_apps
+      );
+ 
+    END IF;
+  END IF;
+`;

package/lib/PubSubManager/pushSubData.ts

@@ -0,0 +1,55 @@
+import { parseLocalFuncs } from "../DboBuilder/ViewHandler/subscribe";
+import { log, PubSubManager, Subscription } from "./PubSubManager";
+
+export async function pushSubData(this: PubSubManager, sub: Subscription, err?: any) {
+  if (!sub) throw "pushSubData: invalid sub";
+
+  const { socket_id, channel_name } = sub;
+  if(!this.subs.some(s => s.channel_name === channel_name)){
+    // Might be throttling a sub that was removed
+    return;
+  }
+  const localFuncs = parseLocalFuncs(sub.localFuncs);
+
+  if (err) {
+    if (socket_id) {
+      this.sockets[socket_id].emit(channel_name, { err });
+    }
+    return true;
+  }
+
+  return new Promise(async (resolve, reject) => {
+    /* TODO: Retire subOne -> it's redundant */
+    
+    const { data, err } = await this.getSubData(sub);
+
+    if(data){
+
+      if (socket_id && this.sockets[socket_id]) {
+        log("Pushed " + data.length + " records to sub")
+        this.sockets[socket_id].emit(channel_name, { data }, () => {
+          resolve(data);
+        });
+        /* TO DO: confirm receiving data or server will unsubscribe
+          { data }, (cb)=> { console.log(cb) });
+        */
+      } else if (localFuncs) {
+        localFuncs.onData(data);
+        resolve(data);
+      }
+      // sub.last_throttled = Date.now();
+
+    } else {
+      const errObj = { _err_msg: err.toString(), err };
+      if (socket_id && this.sockets[socket_id]) {
+        this.sockets[socket_id].emit(channel_name, { err: errObj });
+      } else if (localFuncs) {
+        if(!localFuncs.onError){
+          console.error("Uncaught subscription error", err);
+        }
+        localFuncs.onError?.(errObj);
+      }
+      reject(errObj);
+    }
+  });
+}

package/lib/PublishParser/PublishParser.ts

@@ -0,0 +1,162 @@
+import { Method, isObject } from "prostgles-types";
+import { AuthResult, SessionUser } from "../Auth/AuthTypes";
+import { LocalParams } from "../DboBuilder/DboBuilder";
+import { DB, DBHandlerServer, Prostgles } from "../Prostgles";
+import { VoidFunction } from "../SchemaWatch/SchemaWatch";
+import { getFileTableRules } from "./getFileTableRules";
+import { getSchemaFromPublish } from "./getSchemaFromPublish";
+import { getTableRulesWithoutFileTable } from "./getTableRulesWithoutFileTable";
+import { DboTable, DboTableCommand, ParsedPublishTable, PublishMethods, PublishObject, PublishParams, RULE_TO_METHODS, TableRule } from "./publishTypesAndUtils";
+
+export class PublishParser {
+  publish: any;
+  publishMethods?: PublishMethods<void, SessionUser> | undefined;
+  publishRawSQL?: any;
+  dbo: DBHandlerServer;
+  db: DB
+  prostgles: Prostgles;
+
+  constructor(publish: any, publishMethods: PublishMethods<void, SessionUser> | undefined, publishRawSQL: any, dbo: DBHandlerServer, db: DB, prostgles: Prostgles) {
+    this.publish = publish;
+    this.publishMethods = publishMethods;
+    this.publishRawSQL = publishRawSQL;
+    this.dbo = dbo;
+    this.db = db;
+    this.prostgles = prostgles;
+
+    if (!this.dbo || !this.publish) throw "INTERNAL ERROR: dbo and/or publish missing";
+  }
+
+  async getPublishParams(localParams: LocalParams, clientInfo?: AuthResult): Promise<PublishParams> {
+    if (!this.dbo) throw "dbo missing"
+    return {
+      ...(clientInfo || await this.prostgles.authHandler?.getClientInfo(localParams)),
+      dbo: this.dbo as any,
+      db: this.db,
+      socket: localParams.socket!,
+      tables: this.prostgles.dboBuilder.tables,
+    }
+  }
+
+  async getAllowedMethods(reqInfo: Pick<LocalParams, "httpReq" | "socket">, userData?: AuthResult): Promise<{ [key: string]: Method; }> {
+    const methods: { [key: string]: Method; } = {};
+
+    const publishParams = await this.getPublishParams(reqInfo, userData);
+    const _methods = await applyParamsIfFunc(this.publishMethods, publishParams);
+
+    if (_methods && Object.keys(_methods).length) {
+      Object.entries(_methods).map(([key, method]) => {
+        const isFuncLike = (maybeFunc: VoidFunction | Promise<void>) => (typeof maybeFunc === "function" || maybeFunc && typeof maybeFunc.then === "function");
+        //@ts-ignore
+        if (method && (isFuncLike(method) || isObject(method) && isFuncLike(method.run))) {
+          //@ts-ignore
+          methods[key] = _methods[key];
+        } else {
+          throw `invalid publishMethods item -> ${key} \n Expecting a function or promise`
+        }
+      });
+    }
+
+    return methods;
+  }
+
+  /**
+   * Parses the first level of publish. (If false then nothing if * then all tables and views)
+   * @param socket 
+   * @param user 
+   */
+  async getPublish(localParams: LocalParams, clientInfo?: AuthResult): Promise<PublishObject> {
+    const publishParams = await this.getPublishParams(localParams, clientInfo)
+    const _publish = await applyParamsIfFunc(this.publish, publishParams);
+
+    if (_publish === "*") {
+      const publish: PublishObject = {};
+      this.prostgles.dboBuilder.tablesOrViews?.map(tov => {
+        publish[tov.name] = "*";
+      });
+      return publish;
+    }
+
+    return _publish;
+  }
+  async getValidatedRequestRuleWusr({ tableName, command, localParams }: DboTableCommand): Promise<TableRule> {
+    
+    const clientInfo = await this.prostgles.authHandler!.getClientInfo(localParams);
+    const rules = await this.getValidatedRequestRule({ tableName, command, localParams }, clientInfo);
+    return rules;
+  }
+
+  async getValidatedRequestRule({ tableName, command, localParams }: DboTableCommand, clientInfo?: AuthResult): Promise<TableRule> {
+    if (!this.dbo) throw "INTERNAL ERROR: dbo is missing";
+
+    if (!command || !tableName) throw "command OR tableName are missing";
+
+    const rtm = RULE_TO_METHODS.find(rtms => (rtms.methods as any).includes(command));
+    if (!rtm) {
+      throw "Invalid command: " + command;
+    }
+
+    /* Must be local request -> allow everything */
+    if (!localParams || (!localParams.socket && !localParams.httpReq)) {
+      return RULE_TO_METHODS.reduce((a, v) => ({
+        ...a,
+        [v.rule]: v.no_limits
+      }), {})
+    }
+
+    /* Must be from socket. Must have a publish */
+    if (!this.publish) throw "publish is missing";
+
+    /* Get any publish errors for socket */
+    const schm = localParams?.socket?.prostgles?.schema?.[tableName]?.[command];
+
+    if (schm && schm.err) throw schm.err;
+
+    const table_rule = await this.getTableRules({ tableName, localParams }, clientInfo);
+    if (!table_rule) throw { stack: ["getValidatedRequestRule()"], message: "Invalid or disallowed table: " + tableName };
+
+
+    if (command === "upsert") {
+      if (!table_rule.update || !table_rule.insert) {
+        throw { stack: ["getValidatedRequestRule()"], message: `Invalid or disallowed command: upsert` };
+      }
+    }
+
+    if (rtm && table_rule && table_rule[rtm.rule]) {
+      return table_rule;
+    } else throw { stack: ["getValidatedRequestRule()"], message: `Invalid or disallowed command: ${tableName}.${command}` };
+  }
+
+  async getTableRules(args: DboTable, clientInfo?: AuthResult): Promise<ParsedPublishTable | undefined> {
+
+    if(this.dbo[args.tableName]?.is_media){
+      const fileTablePublishRules = await this.getTableRulesWithoutFileTable(args, clientInfo)
+      const { rules } = await getFileTableRules.bind(this)(args.tableName, fileTablePublishRules, args.localParams, clientInfo);
+      return rules;
+    }
+
+    return await this.getTableRulesWithoutFileTable(args, clientInfo)
+  }
+
+  getTableRulesWithoutFileTable = getTableRulesWithoutFileTable.bind(this);
+
+  /* Prepares schema for client. Only allowed views and commands will be present */
+  getSchemaFromPublish = getSchemaFromPublish.bind(this);
+
+}
+
+export * from "./publishTypesAndUtils";
+
+type FunctionWithArguments = (...args: any) => any
+function applyParamsIfFunc<T>(maybeFunc: T, ...params: any): T extends FunctionWithArguments ? ReturnType<T> : T {
+  if (
+    (maybeFunc !== null && maybeFunc !== undefined) &&
+    //@ts-ignore
+    (typeof maybeFunc === "function" || typeof maybeFunc.then === "function")
+  ) {
+    return (maybeFunc as FunctionWithArguments)(...params);
+  }
+
+  //@ts-ignore
+  return maybeFunc;
+}

package/lib/PublishParser/getFileTableRules.ts

@@ -0,0 +1,124 @@
+import { AnyObject, FullFilter, isDefined } from "prostgles-types";
+import { AuthResult } from "../Auth/AuthTypes";
+import { LocalParams } from "../DboBuilder/DboBuilder";
+import { parseFieldFilter } from "../DboBuilder/ViewHandler/parseFieldFilter";
+import { PublishParser } from "./PublishParser";
+import { ParsedPublishTable, UpdateRule } from "./publishTypesAndUtils";
+
+/**
+ * Permissions for referencedTables columns are propagated to the file table (even if file table has no permissions)
+ * File table existing permissions that include the referenced column resulting permissions are left as they are 
+ * Select on a referenced column allows selecting from file table any records that join the referenced table and the select filters
+ * Insert on a referenced column allows inserting a file (according to any file type/size rules) only if it is a nested from that table 
+ * Update on a referenced column allows updating a file (delete and insert) only if it is a nested update from that table 
+ * Delete on a referenced column table allows deleting any referenced file 
+ */ 
+export async function getFileTableRules (this: PublishParser, fileTableName: string, fileTablePublishRules: ParsedPublishTable | undefined, localParams: LocalParams, clientInfo: AuthResult | undefined) {
+  const forcedDeleteFilters: FullFilter<AnyObject, void>[] = [];
+  const forcedSelectFilters: FullFilter<AnyObject, void>[] = [];
+  const forcedUpdateFilters: FullFilter<AnyObject, void>[] = []; 
+  const allowedNestedInserts: { table: string; column: string }[] = [];
+  const referencedColumns = this.prostgles.dboBuilder.tablesOrViews?.filter(t => !t.is_view && t.name !== fileTableName).map(t => {
+    const refCols = t.columns.filter(c => c.references?.some(r => r.ftable === fileTableName));
+    if(!refCols.length) return undefined;
+    return {
+      tableName: t.name,
+      fileColumns: refCols.map(c => c.name),
+      allColumns: t.columns.map(c => c.name),
+    }
+  }).filter(isDefined)
+  if(referencedColumns?.length){
+    for await (const { tableName, fileColumns, allColumns } of referencedColumns){
+      const table_rules = await this.getTableRules({ localParams, tableName }, clientInfo);
+      if(table_rules){
+        fileColumns.map(column => {
+          const path = [{ table: tableName, on: [{ id: column }] }];
+          if(table_rules.delete){
+            forcedDeleteFilters.push({
+              $existsJoined: {
+                path,
+                filter: table_rules.delete.forcedFilter ?? {},
+              }
+            })
+          }
+          if(table_rules.select){
+            const parsedFields = parseFieldFilter(table_rules.select.fields, false, allColumns);
+            /** Must be allowed to view this column */
+            if(parsedFields.includes(column as any)){
+              forcedSelectFilters.push({
+                $existsJoined: {
+                  path,
+                  filter: table_rules.select.forcedFilter ?? {},
+                }
+              });
+            }
+          }
+          if(table_rules.insert){
+            const parsedFields = parseFieldFilter(table_rules.insert.fields, false, allColumns);
+            /** Must be allowed to view this column */
+            if(parsedFields.includes(column as any)){
+              allowedNestedInserts.push({ table: tableName, column });
+            }
+          }
+          if(table_rules.update){
+            const parsedFields = parseFieldFilter(table_rules.update.fields, false, allColumns);
+            /** Must be allowed to view this column */
+            if(parsedFields.includes(column as any)){
+              forcedUpdateFilters.push({
+                $existsJoined: {
+                  path,
+                  filter: table_rules.update.forcedFilter ?? {},
+                }
+              });
+            }
+          }
+        })
+      }
+    }
+  }
+
+  const fileTableRule: ParsedPublishTable = {
+    ...fileTablePublishRules,
+  };
+
+  const getForcedFilter = (rule: Pick<UpdateRule, "forcedFilter"> | undefined, forcedFilters: FullFilter<AnyObject, void>[]) => {
+    return (rule && !rule.forcedFilter)?  {} : {
+      forcedFilter: {
+        $or: forcedFilters.concat(rule?.forcedFilter? [rule?.forcedFilter] : []),
+      }
+    }
+  }
+  if(forcedSelectFilters.length || fileTablePublishRules?.select){
+    fileTableRule.select = {
+      fields: "*",
+      ...fileTablePublishRules?.select,
+      ...getForcedFilter(fileTablePublishRules?.select, forcedSelectFilters),
+    }
+  }
+  if(forcedDeleteFilters.length || fileTablePublishRules?.delete){
+    fileTableRule.delete = {
+      filterFields: "*",
+      ...fileTablePublishRules?.delete,
+      ...getForcedFilter(fileTablePublishRules?.delete, forcedDeleteFilters),
+    }
+  }
+  if(forcedUpdateFilters.length || fileTablePublishRules?.update){
+    fileTableRule.update = {
+      fields: "*",
+      ...fileTablePublishRules?.update,
+      ...getForcedFilter(fileTablePublishRules?.update, forcedUpdateFilters),
+    }
+  }
+
+  if(allowedNestedInserts.length || fileTablePublishRules?.insert){
+    fileTableRule.insert = {
+      fields: "*",
+      ...fileTablePublishRules?.insert,
+      allowedNestedInserts: fileTablePublishRules?.insert? undefined : allowedNestedInserts,
+    }
+  }
+
+  /** Add missing implied methods (getColumns, getInfo) */
+  const rules = await this.getTableRulesWithoutFileTable.bind(this)({ localParams, tableName: fileTableName }, clientInfo, { [fileTableName]: fileTableRule })
+  return { rules, allowedInserts: allowedNestedInserts };
+}