prostgles-server 4.2.326 → 4.2.327

package/lib/DboBuilder/TableHandler/DataValidator.ts

@@ -1,6 +1,5 @@
 import {
   AnyObject,
-  ColumnInfo,
   FieldFilter,
   asName,
   getKeys,
@@ -288,43 +287,43 @@ const getValidatedRowFieldData = async (
   return rowFieldData;
 };
 
-const getTextPatch = (c: TableSchemaColumn, fieldValue: any) => {
-  if (
-    c.data_type === "text" &&
-    fieldValue &&
-    isObject(fieldValue) &&
-    !["from", "to"].find((key) => typeof fieldValue[key] !== "number")
-  ) {
-    const unrecProps = Object.keys(fieldValue).filter(
-      (k) => !["from", "to", "text", "md5"].includes(k)
-    );
-    if (unrecProps.length) {
-      throw "Unrecognised params in textPatch field: " + unrecProps.join(", ");
-    }
-    const patchedTextData: {
-      fieldName: string;
-      from: number;
-      to: number;
-      text: string;
-      md5: string;
-    } = {
-      ...fieldValue,
-      fieldName: c.name,
-    } as any;
-
-    // if (tableRules && !tableRules.select) throw "Select needs to be permitted to patch data";
-    // const rows = await this.find(filter, { select: patchedTextData.reduce((a, v) => ({ ...a, [v.fieldName]: 1 }), {}) }, undefined, tableRules);
-
-    // if (rows.length !== 1) {
-    //   throw "Cannot patch data within a filter that affects more/less than 1 row";
-    // }
-    // return unpatchText(rows[0][p.fieldName], patchedTextData);
-    const rawValue = `OVERLAY(${asName(c.name)} PLACING ${asValue(patchedTextData.text)} FROM ${asValue(patchedTextData.from)} FOR ${asValue(patchedTextData.to - patchedTextData.from + 1)})`;
-    return rawValue;
-  }
-
-  return undefined;
-};
+// const getTextPatch = (c: TableSchemaColumn, fieldValue: any) => {
+//   if (
+//     c.data_type === "text" &&
+//     fieldValue &&
+//     isObject(fieldValue) &&
+//     !["from", "to"].find((key) => typeof fieldValue[key] !== "number")
+//   ) {
+//     const unrecProps = Object.keys(fieldValue).filter(
+//       (k) => !["from", "to", "text", "md5"].includes(k)
+//     );
+//     if (unrecProps.length) {
+//       throw "Unrecognised params in textPatch field: " + unrecProps.join(", ");
+//     }
+//     const patchedTextData: {
+//       fieldName: string;
+//       from: number;
+//       to: number;
+//       text: string;
+//       md5: string;
+//     } = {
+//       ...fieldValue,
+//       fieldName: c.name,
+//     } as any;
+
+//     // if (tableRules && !tableRules.select) throw "Select needs to be permitted to patch data";
+//     // const rows = await this.find(filter, { select: patchedTextData.reduce((a, v) => ({ ...a, [v.fieldName]: 1 }), {}) }, undefined, tableRules);
+
+//     // if (rows.length !== 1) {
+//     //   throw "Cannot patch data within a filter that affects more/less than 1 row";
+//     // }
+//     // return unpatchText(rows[0][p.fieldName], patchedTextData);
+//     const rawValue = `OVERLAY(${asName(c.name)} PLACING ${asValue(patchedTextData.text)} FROM ${asValue(patchedTextData.from)} FOR ${asValue(patchedTextData.to - patchedTextData.from + 1)})`;
+//     return rawValue;
+//   }
+
+//   return undefined;
+// };
 
 const getParsedRowFieldDataFunction = (rowPart: RowFieldDataFunction, args: ParseDataArgs) => {
   const func = convertionFuncs.find((f) => `$${f.name}` === rowPart.funcName);
@@ -407,88 +406,3 @@ const convertionFuncs: ConvertionFunc[] = [
     },
   },
 ];
-
-export class ColSet {
-  opts: {
-    columns: ColumnInfo[];
-    tableName: string;
-    colNames: string[];
-  };
-
-  constructor(columns: ColumnInfo[], tableName: string) {
-    this.opts = { columns, tableName, colNames: columns.map((c) => c.name) };
-  }
-
-  // private async getRow(data: any, allowedCols: string[], dbTx: DBHandlerServer, validate: ValidateRow | undefined, command: "update" | "insert", localParams: LocalParams | undefined): Promise<ParsedRowFieldData[]> {
-  //   const badCol = allowedCols.find(c => !this.opts.colNames.includes(c))
-  //   if (!allowedCols || badCol) {
-  //     throw "Missing or unexpected columns: " + badCol;
-  //   }
-
-  //   if (command === "update" && isEmpty(data)) {
-  //     throw "No data provided for update";
-  //   }
-
-  //   let row = pickKeys(data, allowedCols);
-  //   if (validate) {
-  //     if (!localParams) throw "localParams missing"
-  //     row = await validate({ row, dbx: dbTx, localParams });
-  //   }
-
-  //   return Object.entries(row).map(([fieldName, fieldValue]) => {
-  //     const col = this.opts.columns.find(c => c.name === fieldName);
-  //     if (!col) throw "Unexpected missing col name";
-
-  //     /**
-  //      * Add conversion functions for PostGIS data
-  //      */
-  //     let escapedVal = "";
-  //     if ((col.udt_name === "geometry" || col.udt_name === "geography") && isObject(fieldValue)) {
-
-  //       const dataKeys = Object.keys(fieldValue);
-  //       const funcName = dataKeys[0]!;
-  //       const func = convertionFuncs.find(f => f.name === funcName);
-  //       const funcArgs = fieldValue?.[funcName]
-  //       if (dataKeys.length !== 1 || !func || !Array.isArray(funcArgs)) {
-  //         throw `Expecting only one function key (${convertionFuncs.join(", ")}) \nwith an array of arguments \n within column (${fieldName}) data but got: ${JSON.stringify(fieldValue)} \nExample: { geo_col: { ST_GeomFromText: ["POINT(-71.064544 42.28787)", 4326] } }`;
-  //       }
-  //       escapedVal = func.getQuery(funcArgs);
-  //     } else if (col.udt_name === "text") {
-
-  //     } else {
-  //       /** Prevent pg-promise formatting jsonb */
-  //       const colIsJSON = ["json", "jsonb"].includes(col.data_type);
-  //       escapedVal = pgp.as.format(colIsJSON ? "$1:json" : "$1", [fieldValue])
-  //     }
-
-  //     /**
-  //      * Cast to type to avoid array errors (they do not cast automatically)
-  //      */
-  //     escapedVal += `::${col.udt_name}`
-
-  //     return {
-  //       escapedCol: asName(fieldName),
-  //       escapedVal,
-  //     }
-  //   });
-
-  // }
-
-  // async getInsertQuery(data: AnyObject[], allowedCols: string[], dbTx: DBHandlerServer, validate: ValidateRowBasic | undefined, localParams: LocalParams | undefined) {
-  //   const inserts = (await Promise.all(data.map(async d => {
-  //     const rowParts = await this.getRow(d, allowedCols, dbTx, validate, "insert", localParams);
-  //     return Object.fromEntries(rowParts.map(rp => [rp.escapedCol, rp.escapedVal]));
-  //   })));
-  //   const uniqueColumns = Array.from(new Set(inserts.flatMap(row => Object.keys(row))))
-  //   const values = inserts.map(row => `(${uniqueColumns.map(colName => row[colName] ?? 'DEFAULT')})`).join(",\n");
-  //   const whatToInsert = !uniqueColumns.length ? "DEFAULT VALUES" : `(${uniqueColumns}) VALUES ${values}`
-  //   return `INSERT INTO ${this.opts.tableName} ${whatToInsert} `;
-  // }
-  // async getUpdateQuery(data: AnyObject | AnyObject[], allowedCols: string[], dbTx: DBHandlerServer, validate: ValidateRowBasic | undefined, localParams: LocalParams | undefined): Promise<string> {
-  //   const res = (await Promise.all((Array.isArray(data) ? data : [data]).map(async d => {
-  //     const rowParts = await this.getRow(d, allowedCols, dbTx, validate, "update", localParams);
-  //     return `UPDATE ${this.opts.tableName} SET ` + rowParts.map(r => `${r.escapedCol} = ${r.escapedVal} `).join(",\n")
-  //   }))).join(";\n") + " ";
-  //   return res;
-  // }
-}

package/lib/DboBuilder/TableHandler/insert/insert.ts

@@ -1,16 +1,11 @@
-import { AnyObject, InsertParams, asName, isObject } from "prostgles-types";
+import { AnyObject, InsertParams, asName, getSerialisableError, isObject } from "prostgles-types";
 import { ParsedTableRule, ValidateRowBasic } from "../../../PublishParser/PublishParser";
-import {
-  LocalParams,
-  getErrorAsObject,
-  getSerializedClientErrorFromPGError,
-  withUserRLS,
-} from "../../DboBuilder";
-import { insertNestedRecords } from "./insertNestedRecords";
+import { LocalParams, getSerializedClientErrorFromPGError, withUserRLS } from "../../DboBuilder";
 import { prepareNewData } from "../DataValidator";
 import { TableHandler } from "../TableHandler";
 import { insertTest } from "../insertTest";
 import { runInsertUpdateQuery } from "../runInsertUpdateQuery";
+import { insertNestedRecords } from "./insertNestedRecords";
 
 export async function insert(
   this: TableHandler,
@@ -66,7 +61,7 @@ export async function insert(
       }
     }
     const isMultiInsert = Array.isArray(rowOrRows);
-    const rows = isMultiInsert ? rowOrRows : [rowOrRows];
+    const rows = isMultiInsert ? (rowOrRows as AnyObject[]) : [rowOrRows];
 
     requiredNestedInserts?.forEach(({ ftable, maxRows, minRows }) => {
       if (this.column_names.includes(ftable))
@@ -106,7 +101,7 @@ export async function insert(
           if (!localParams) throw "localParams missing for insert preValidate";
           row = await preValidate({
             row,
-            dbx: (this.tx?.dbTX || this.dboBuilder.dbo) as any,
+            dbx: this.tx?.dbTX || this.dboBuilder.dbo,
             localParams,
           });
         }
@@ -133,29 +128,28 @@ export async function insert(
 
     const pkeyNames = this.columns.filter((c) => c.is_pkey).map((c) => c.name);
     const getInsertQuery = async (_rows: AnyObject[]) => {
-      const validatedData = await Promise.all(
-        _rows.map(async (_row) => {
-          const row = { ..._row };
+      const validatedData = _rows.map((_row) => {
+        const row = { ..._row };
 
-          if (!isObject(row)) {
-            throw (
-              "\nInvalid insert data provided. Expected an object but received: " +
-              JSON.stringify(row)
-            );
-          }
+        if (!isObject(row)) {
+          throw (
+            "\nInvalid insert data provided. Expected an object but received: " +
+            JSON.stringify(row)
+          );
+        }
+
+        const { data: validatedRow, allowedCols } = prepareNewData({
+          row,
+          forcedData,
+          allowedFields: fields,
+          tableRules,
+          removeDisallowedFields,
+          tableConfigurator: this.dboBuilder.prostgles.tableConfigurator,
+          tableHandler: this,
+        });
+        return { validatedRow, allowedCols };
+      });
 
-          const { data: validatedRow, allowedCols } = await prepareNewData({
-            row,
-            forcedData,
-            allowedFields: fields,
-            tableRules,
-            removeDisallowedFields,
-            tableConfigurator: this.dboBuilder.prostgles.tableConfigurator,
-            tableHandler: this,
-          });
-          return { validatedRow, allowedCols };
-        })
-      );
       const validatedRows = validatedData.map((d) => d.validatedRow);
       const allowedCols = Array.from(new Set(validatedData.flatMap((d) => d.allowedCols)));
       const dbTx = finalDBtx || this.dboBuilder.dbo;
@@ -163,7 +157,7 @@ export async function insert(
         validate: validate as ValidateRowBasic,
         localParams,
       };
-      // const query = await this.colSet.getInsertQuery(validatedRows, allowedCols, dbTx, validate, localParams);
+
       const query = (
         await this.dataValidator.parse({
           command: "insert",
@@ -234,7 +228,7 @@ export async function insert(
       localParams,
       data: { rowOrRows, param2: insertParams },
       duration: Date.now() - start,
-      error: getErrorAsObject(e),
+      error: getSerialisableError(e),
     });
     throw getSerializedClientErrorFromPGError(e, {
       type: "tableMethod",

package/lib/DboBuilder/TableHandler/insert/insertNestedRecords.ts

@@ -99,7 +99,7 @@ export async function insertNestedRecords(
         const colInserts = getReferenceColumnInserts(this, row);
 
         /* Ensure we're using the same transaction */
-        const _this = this.tx ? this : (dbTX![this.name] as TableHandler);
+        const tableHandler = this.tx ? this : (dbTX![this.name] as TableHandler);
 
         const omitedKeys = extraKeys.concat(colInserts.map((c) => c.insertedFieldName));
 
@@ -126,7 +126,7 @@ export async function insertNestedRecords(
               },
             };
             const colRows = await referencedInsert(
-              _this,
+              tableHandler,
               dbTX,
               newLocalParams,
               colInsert.tableName,
@@ -157,7 +157,7 @@ export async function insertNestedRecords(
           }
         }
 
-        const fullRootResult = (await _this.insert(
+        const fullRootResult = (await tableHandler.insert(
           rootData,
           { returning: "*" },
           undefined,
@@ -235,7 +235,7 @@ export async function insertNestedRecords(
               }
 
               insertedChildren = await childInsert(
-                childDataItems.map((d: AnyObject) => {
+                childDataItems.map((d) => {
                   const result = { ...d };
                   colsRefT1.map((col) => {
                     result[col.references![0]!.cols[0]!] =
@@ -262,14 +262,14 @@ export async function insertNestedRecords(
               if (
                 !(
                   cols2.filter((c) => c.references?.[0]?.ftable === fileTable).length === 1 &&
-                  cols2.filter((c) => c.references?.[0]?.ftable === _this.name).length === 1
+                  cols2.filter((c) => c.references?.[0]?.ftable === tableHandler.name).length === 1
                 )
               ) {
                 console.log({
                   tbl1,
                   tbl2,
                   tbl3,
-                  name: _this.name,
+                  name: tableHandler.name,
                   tthisName: this.name,
                 });
                 throw (
@@ -293,7 +293,7 @@ export async function insertNestedRecords(
                     tbl2Row[col.name] = fullRootResult[col.references![0]!.fcols[0]!];
                   });
 
-                  await childInsert(tbl2Row, tbl2!); //.then(() => {});
+                  await childInsert(tbl2Row, tbl2!);
                 })
               );
             } else {

package/lib/FileManager/initFileManager.ts

@@ -207,7 +207,8 @@ export async function initFileManager(this: FileManager, prg: Prostgles) {
         {
           res,
           httpReq: req,
-        }
+        },
+        undefined
       )) as Required<Media> | undefined;
 
       if (!media) {

package/lib/PublishParser/PublishParser.ts

@@ -1,4 +1,4 @@
-import { Method, getObjectEntries, isObject, type ClientSchema } from "prostgles-types";
+import { Method, getObjectEntries, isObject } from "prostgles-types";
 import { AuthClientRequest, AuthResultWithSID, SessionUser } from "../Auth/AuthTypes";
 import { DBOFullyTyped } from "../DBSchemaBuilder";
 import { DB, DBHandlerServer, Prostgles } from "../Prostgles";
@@ -13,11 +13,12 @@ import {
   DboTableCommand,
   ParsedTableRule,
   PublishMethods,
-  type PublishMethodsV2,
-  type PublishObject,
   PublishParams,
   RULE_TO_METHODS,
   parsePublishTableRule,
+  type PublishMethodsV2,
+  type PublishObject,
+  type PermissionScope,
 } from "./publishTypesAndUtils";
 
 export class PublishParser {
@@ -59,7 +60,8 @@ export class PublishParser {
       db: this.db,
       clientReq,
       tables: this.prostgles.dboBuilder.tables,
-      getClientDBHandlers: () => getClientHandlers(this.prostgles, clientReq),
+      getClientDBHandlers: (scope: PermissionScope | undefined) =>
+        getClientHandlers(this.prostgles, clientReq, scope),
     };
   }
 
@@ -135,21 +137,33 @@ export class PublishParser {
     if (clientInfo === "new-session-redirect") {
       throw "new-session-redirect";
     }
-    const rules = await this.getValidatedRequestRule({ tableName, command, clientReq }, clientInfo);
+    const rules = await this.getValidatedRequestRule(
+      { tableName, command, clientReq },
+      clientInfo,
+      undefined
+    );
     return rules;
   }
 
   async getValidatedRequestRule(
     { tableName, command, clientReq }: DboTableCommand,
-    clientInfo: AuthResultWithSID | undefined
+    clientInfo: AuthResultWithSID | undefined,
+    scope: PermissionScope | undefined
   ): Promise<ParsedTableRule> {
     if (!command || !tableName) throw "command OR tableName are missing";
 
-    const rtm = RULE_TO_METHODS.find((rtms) => rtms.methods.some((v) => v === command));
-    if (!rtm) {
+    const rule = RULE_TO_METHODS.find((rtms) => rtms.methods.some((v) => v === command));
+    if (!rule) {
       throw "Invalid command: " + command;
     }
 
+    if (scope) {
+      const tableScope = scope.tables;
+      if (!tableScope?.[tableName] || !tableScope[tableName]?.[rule.sqlRule]) {
+        throw `Invalid or disallowed command: ${tableName}.${command}. The PermissionsScope does not allow this command.`;
+      }
+    }
+
     /* Must be local request -> allow everything */
     if (!clientReq) {
       return RULE_TO_METHODS.reduce(
@@ -185,7 +199,7 @@ export class PublishParser {
       }
     }
 
-    if (!tableRule[rtm.rule]) {
+    if (!tableRule[rule.rule]) {
       throw {
         stack: ["getValidatedRequestRule()"],
         message: `Invalid or disallowed command: ${tableName}.${command}`,

package/lib/PublishParser/getSchemaFromPublish.ts

@@ -14,7 +14,7 @@ import { AuthClientRequest, AuthResultWithSID } from "../Auth/AuthTypes";
 import { getErrorAsObject } from "../DboBuilder/DboBuilder";
 import type { TableHandler } from "../DboBuilder/TableHandler/TableHandler";
 import { TABLE_METHODS } from "../Prostgles";
-import { type PublishObject, PublishParser } from "./PublishParser";
+import { type PermissionScope, type PublishObject, PublishParser } from "./PublishParser";
 
 type Args = AuthClientRequest & {
   userData: AuthResultWithSID | undefined;
@@ -23,7 +23,8 @@ const SUBSCRIBE_METHODS = ["subscribe", "subscribeOne", "sync", "unsubscribe", "
 
 export async function getSchemaFromPublish(
   this: PublishParser,
-  { userData, ...clientReq }: Args
+  { userData, ...clientReq }: Args,
+  scope: PermissionScope | undefined
 ): Promise<{
   schema: TableSchemaForClient;
   tables: DBSchemaTable[];
@@ -118,7 +119,8 @@ export async function getSchemaFromPublish(
                           command: method,
                           clientReq,
                         },
-                        clientInfo
+                        clientInfo,
+                        scope
                       );
                       if (this.prostgles.opts.testRulesOnConnect) {
                         await (this.dbo[tableName] as TableHandler)[method](
@@ -150,7 +152,8 @@ export async function getSchemaFromPublish(
                   if (method === "getInfo" || method === "getColumns") {
                     const tableRules = await this.getValidatedRequestRule(
                       { tableName, command: method, clientReq },
-                      clientInfo
+                      clientInfo,
+                      scope
                     );
                     const res = await (this.dbo[tableName] as TableHandler)[method](
                       undefined,

package/lib/PublishParser/publishTypesAndUtils.ts

@@ -506,6 +506,11 @@ export type DbTableInfo = {
   info: TableOrViewInfo;
   columns: TableSchemaColumn[];
 };
+export type PermissionScope = {
+  sql?: true;
+  tables?: Record<string, Partial<Record<"select" | "update" | "delete" | "insert", true>>>;
+  methods?: Record<string, true>;
+};
 export type PublishParams<S = void, SUser extends SessionUser = SessionUser> = {
   sid: string | undefined;
   dbo: DBOFullyTyped<S>;
@@ -513,7 +518,12 @@ export type PublishParams<S = void, SUser extends SessionUser = SessionUser> = {
   user?: SUser["user"];
   clientReq: AuthClientRequest;
   tables: DbTableInfo[];
-  getClientDBHandlers: () => Promise<ClientHandlers<S>>;
+  getClientDBHandlers: (
+    /**
+     * Used to filter permissions
+     */
+    scope: PermissionScope | undefined
+  ) => Promise<ClientHandlers<S>>;
 };
 export type RequestParams = { dbo?: DBHandlerServer; socket?: any };
 export type PublishAllOrNothing = boolean | "*" | null;

package/lib/RestApi.ts

@@ -102,7 +102,7 @@ export class RestApi {
   };
   onPostSchema = async (req: ExpressReq, res: ExpressRes) => {
     try {
-      const data = await this.prostgles.getClientSchema({ httpReq: req, res });
+      const data = await this.prostgles.getClientSchema({ httpReq: req, res }, undefined);
       res.json(data);
     } catch (rawError) {
       const error = getSerializedClientErrorFromPGError(rawError, {
@@ -161,7 +161,8 @@ export class RestApi {
         {
           httpReq: req,
           res,
-        }
+        },
+        undefined
       );
       res.json(data);
     } catch (rawError) {

package/lib/WebsocketAPI/getClientHandlers.ts

@@ -11,16 +11,18 @@ import type { DBOFullyTyped } from "../DBSchemaBuilder";
 import type { Prostgles } from "../Prostgles";
 import { runClientMethod, runClientRequest, runClientSqlRequest } from "../runClientRequest";
 import { getClientSchema } from "./getClientSchema";
+import type { PermissionScope } from "../PublishParser/publishTypesAndUtils";
 
 export const getClientHandlers = async <S = void>(
   prostgles: Prostgles,
-  clientReq: AuthClientRequest
+  clientReq: AuthClientRequest,
+  scope: PermissionScope | undefined
 ): Promise<{
   clientDb: DBOFullyTyped<S, false>;
   clientMethods: Record<string, Method>;
 }> => {
   const clientSchema =
-    clientReq.socket?.prostgles ?? (await getClientSchema.bind(prostgles)(clientReq));
+    clientReq.socket?.prostgles ?? (await getClientSchema.bind(prostgles)(clientReq, scope));
   const sql: SQLHandler | undefined = ((query: string, params?: unknown, options?: SQLOptions) =>
     runClientSqlRequest.bind(prostgles)({ query, params, options }, clientReq)) as SQLHandler;
   const tableHandlers = Object.fromEntries(
@@ -31,7 +33,8 @@ export const getClientHandlers = async <S = void>(
           const method = (param1: unknown, param2: unknown, param3: unknown) =>
             runClientRequest.bind(prostgles)(
               { command, tableName: table.name, param1, param2, param3 },
-              clientReq
+              clientReq,
+              scope
             );
           return [command, method];
         })
@@ -48,17 +51,25 @@ export const getClientHandlers = async <S = void>(
   const clientDb = {
     ...tableHandlers,
     ...txNotAllowed,
-    sql,
+    sql:
+      scope && !scope.sql ?
+        () => {
+          throw new Error("SQL is dissallowed by PermissionScope");
+        }
+      : sql,
   } as DBOFullyTyped<S, false>;
 
   const clientMethods: Record<string, Method> = Object.fromEntries(
     clientSchema.methods.map((method) => {
       const methodName = typeof method === "string" ? method : method.name;
-      return [
-        methodName,
-        (...params: any[]) =>
-          runClientMethod.bind(prostgles)({ method: methodName, params }, clientReq),
-      ];
+      const methodHandler =
+        scope && !scope.methods?.[methodName] ?
+          () => {
+            throw new Error(`Method ${methodName} is not allowed by PermissionScope`);
+          }
+        : (...params: any[]) =>
+            runClientMethod.bind(prostgles)({ method: methodName, params }, clientReq);
+      return [methodName, methodHandler];
     })
   );
 

package/lib/WebsocketAPI/getClientSchema.ts

@@ -1,11 +1,15 @@
 import { isObject, omitKeys, tryCatchV2, type ClientSchema } from "prostgles-types";
 import type { AuthClientRequest } from "../Auth/AuthTypes";
 import { Prostgles } from "../Prostgles";
-import type { PublishParser } from "../PublishParser/PublishParser";
+import type { PermissionScope, PublishParser } from "../PublishParser/PublishParser";
 import { clientCanRunSqlRequest } from "../runClientRequest";
-const version = (require("../../package.json") as { version: string }).version;
+import { version } from "../../package.json";
 
-export async function getClientSchema(this: Prostgles, clientReq: AuthClientRequest) {
+export async function getClientSchema(
+  this: Prostgles,
+  clientReq: AuthClientRequest,
+  scope: PermissionScope | undefined
+) {
   const result = await tryCatchV2(async () => {
     const clientInfo =
       clientReq.socket ?
@@ -22,10 +26,13 @@ export async function getClientSchema(this: Prostgles, clientReq: AuthClientRequ
 
     try {
       if (!publishParser) throw "publishParser undefined";
-      fullSchema = await publishParser.getSchemaFromPublish({
-        ...clientInfo,
-        userData,
-      });
+      fullSchema = await publishParser.getSchemaFromPublish(
+        {
+          ...clientInfo,
+          userData,
+        },
+        scope
+      );
     } catch (e) {
       publishValidationError = e;
       console.error(`\nProstgles Publish validation failed (after socket connected):\n    ->`, e);

package/lib/WebsocketAPI/onSocketConnected.ts

@@ -105,7 +105,7 @@ export async function onSocketConnected(this: Prostgles, socket: PRGLIOSocket) {
         }
       ) => {
         runClientRequest
-          .bind(this)(args, { socket })
+          .bind(this)(args, { socket }, undefined)
           .then((res) => {
             cb(null, res);
           })

package/lib/WebsocketAPI/pushSocketSchema.ts

@@ -5,7 +5,7 @@ import { runClientSqlRequest } from "../runClientRequest";
 import { makeSocketError } from "./onSocketConnected";
 export async function pushSocketSchema(this: Prostgles, socket: PRGLIOSocket) {
   try {
-    const clientSchema = await this.getClientSchema({ socket });
+    const clientSchema = await this.getClientSchema({ socket }, undefined);
     socket.prostgles = clientSchema;
     if (clientSchema.rawSQL) {
       socket.removeAllListeners(CHANNELS.SQL);