sovrium 0.0.2

package/src/presentation/api/routes/tables/record-update-handler.ts

@@ -0,0 +1,200 @@
+/**
+ * Copyright (c) 2025 ESSENTIAL SERVICES
+ *
+ * This source code is licensed under the Business Source License 1.1
+ * found in the LICENSE.md file in the root directory of this source tree.
+ */
+
+import { hasUpdatePermission } from '@/application/use-cases/tables/permissions/permissions'
+import { updateRecordProgram, rawGetRecordProgram } from '@/application/use-cases/tables/programs'
+import { transformRecord } from '@/application/use-cases/tables/utils/record-transformer'
+import { validateFieldWritePermissions } from '@/presentation/api/utils/field-permission-validator'
+import { runTableProgram } from './effect-runner'
+import { handleRouteError } from './error-handlers'
+import { isAuthorizationError, type Session } from './utils'
+import type { App } from '@/domain/models/app'
+import type { Context } from 'hono'
+
+const SYSTEM_PROTECTED_FIELDS = new Set(['user_id'])
+
+/**
+ * Check if user has table-level update permission (using pre-fetched role from middleware)
+ */
+export function checkTableUpdatePermissionWithRole(
+  app: App,
+  tableName: string,
+  userRole: string,
+  c: Context
+): { allowed: true } | { allowed: false; response: Response } {
+  const table = app.tables?.find((t) => t.name === tableName)
+
+  if (!hasUpdatePermission(table, userRole, app.tables)) {
+    // Viewer-specific message for default permission denial
+    const message =
+      userRole === 'viewer'
+        ? 'You do not have permission to perform this action'
+        : 'You do not have permission to update records in this table'
+
+    return {
+      allowed: false,
+      response: c.json(
+        {
+          success: false,
+          message,
+          code: 'FORBIDDEN',
+        },
+        403
+      ),
+    }
+  }
+
+  return { allowed: true }
+}
+
+/**
+ * Filter update data to only include fields user has permission to modify (using pre-fetched role from middleware)
+ */
+export function filterAllowedFieldsWithRole(
+  app: App,
+  tableName: string,
+  userRole: string,
+  data: Record<string, unknown>
+): {
+  allowedData: Record<string, unknown>
+  forbiddenFields: readonly string[]
+} {
+  const forbiddenFields = validateFieldWritePermissions(app, tableName, userRole, data)
+
+  const allowedData = Object.fromEntries(
+    Object.entries(data).filter(
+      ([fieldName]) =>
+        !forbiddenFields.includes(fieldName) && !SYSTEM_PROTECTED_FIELDS.has(fieldName)
+    )
+  )
+
+  return { allowedData, forbiddenFields }
+}
+
+/**
+ * Handle case where no fields are allowed after filtering
+ */
+export async function handleNoAllowedFields(config: {
+  session: Session
+  tableName: string
+  recordId: string
+  forbiddenFields: readonly string[]
+  c: Context
+}): Promise<Response> {
+  const { session, tableName, recordId, forbiddenFields, c } = config
+  // Filter out system-protected fields from forbidden list
+  const attemptedForbiddenFields = forbiddenFields.filter(
+    (field) => !SYSTEM_PROTECTED_FIELDS.has(field)
+  )
+
+  // If user tried to modify forbidden fields (not system-protected), return 403
+  if (attemptedForbiddenFields.length > 0) {
+    return c.json(
+      {
+        success: false,
+        message: `You do not have permission to modify any of the specified fields: ${attemptedForbiddenFields.join(', ')}`,
+        code: 'FORBIDDEN',
+      },
+      403
+    )
+  }
+
+  // If only system-protected fields were filtered, return unchanged record
+  try {
+    const result = await runTableProgram(rawGetRecordProgram(session, tableName, recordId))
+    if (result._tag === 'Left') {
+      return handleRouteError(c, result.left)
+    }
+    const record = result.right
+
+    if (!record) {
+      return c.json({ success: false, message: 'Resource not found', code: 'NOT_FOUND' }, 404)
+    }
+
+    return c.json({ record: transformRecord(record) }, 200)
+  } catch (error) {
+    return handleRouteError(c, error)
+  }
+}
+
+/**
+ * Execute update and handle RLS authorization errors
+ */
+export async function executeUpdate(config: {
+  session: Session
+  tableName: string
+  recordId: string
+  allowedData: Record<string, unknown>
+  app: App
+  userRole: string
+  c: Context
+}): Promise<Response> {
+  const { session, tableName, recordId, allowedData, app, userRole, c } = config
+  try {
+    const result = await runTableProgram(
+      updateRecordProgram(session, tableName, recordId, { fields: allowedData, app, userRole })
+    )
+
+    if (result._tag === 'Left') {
+      return handleUpdateError({ session, tableName, recordId, error: result.left, c })
+    }
+
+    const updateResult = result.right
+
+    // Check if update affected any rows (RLS may have blocked it)
+    if (!updateResult || Object.keys(updateResult).length === 0) {
+      return c.json({ success: false, message: 'Resource not found', code: 'NOT_FOUND' }, 404)
+    }
+
+    // Return flattened response format (matching GET record response structure)
+    return c.json(updateResult, 200)
+  } catch (error) {
+    return handleRouteError(c, error)
+  }
+}
+
+/**
+ * Handle update errors including RLS authorization failures
+ */
+async function handleUpdateError(config: {
+  session: Session
+  tableName: string
+  recordId: string
+  error: unknown
+  c: Context
+}): Promise<Response> {
+  const { session, tableName, recordId, error, c } = config
+  // Check if this is an authorization error (RLS blocking the update)
+  if (!isAuthorizationError(error)) {
+    return handleRouteError(c, error)
+  }
+
+  // Try to read the record to differentiate between "not found" and "forbidden"
+  try {
+    const result = await runTableProgram(rawGetRecordProgram(session, tableName, recordId))
+    if (result._tag === 'Left') {
+      return c.json({ success: false, message: 'Resource not found', code: 'NOT_FOUND' }, 404)
+    }
+    const readResult = result.right
+
+    // If we can read the record but couldn't update it, return 403 Forbidden
+    if (readResult !== null) {
+      return c.json(
+        {
+          success: false,
+          message: 'You do not have permission to update this record',
+          code: 'FORBIDDEN',
+        },
+        403
+      )
+    }
+
+    return c.json({ success: false, message: 'Resource not found', code: 'NOT_FOUND' }, 404)
+  } catch {
+    return c.json({ success: false, message: 'Resource not found', code: 'NOT_FOUND' }, 404)
+  }
+}

package/src/presentation/api/routes/tables/sort-validation.ts

@@ -0,0 +1,85 @@
+/**
+ * Copyright (c) 2025 ESSENTIAL SERVICES
+ *
+ * This source code is licensed under the Business Source License 1.1
+ * found in the LICENSE.md file in the root directory of this source tree.
+ */
+
+import type { App } from '@/domain/models/app'
+import type { Context } from 'hono'
+
+/**
+ * Check if user can read a field (for sorting validation)
+ */
+export function canUserReadField(
+  app: App,
+  tableName: string,
+  fieldName: string,
+  userRole: string
+): boolean {
+  // Admin has access to all fields
+  if (userRole === 'admin') {
+    return true
+  }
+
+  const table = app.tables?.find((t) => t.name === tableName)
+  const field = table?.fields?.find((f) => f.name === fieldName)
+
+  if (!field) {
+    return false
+  }
+
+  // Member role: cannot read currency fields by default
+  if (userRole === 'member') {
+    const restrictedTypes = ['currency']
+    return !restrictedTypes.includes(field.type)
+  }
+
+  // Viewer role: only name/title text fields
+  if (userRole === 'viewer') {
+    const allowedFieldTypes = ['single-line-text']
+    const allowedFieldNames = ['name', 'title']
+    return allowedFieldTypes.includes(field.type) && allowedFieldNames.includes(fieldName)
+  }
+
+  return true
+}
+
+/**
+ * Validate sort parameter - check user has permission to sort by requested fields
+ */
+export function validateSortPermission(config: {
+  readonly sort: string | undefined
+  readonly app: App
+  readonly tableName: string
+  readonly userRole: string
+  readonly c: Context
+}) {
+  const { sort, app, tableName, userRole, c } = config
+
+  if (!sort) return undefined
+
+  // Parse sort parameter (format: "field:dir" or "field1:dir1,field2:dir2")
+  const sortFields = sort
+    .split(',')
+    .map((s) => s.split(':')[0])
+    .filter((field): field is string => field !== undefined && field !== '')
+
+  // Check if user can read all sort fields
+  const inaccessibleField = sortFields.find(
+    (field) => !canUserReadField(app, tableName, field, userRole)
+  )
+
+  if (inaccessibleField) {
+    return c.json(
+      {
+        success: false,
+        message: `You do not have permission to perform this action. Cannot sort by field '${inaccessibleField}'`,
+        code: 'FORBIDDEN',
+      },
+      403
+    )
+  }
+
+  return undefined
+}

package/src/presentation/api/routes/tables/table-routes.ts

@@ -0,0 +1,76 @@
+/**
+ * Copyright (c) 2025 ESSENTIAL SERVICES
+ *
+ * This source code is licensed under the Business Source License 1.1
+ * found in the LICENSE.md file in the root directory of this source tree.
+ */
+
+import { Effect } from 'effect'
+import { z } from 'zod'
+import {
+  createListTablesProgram,
+  createGetTableProgram,
+  createGetPermissionsProgram,
+} from '@/application/use-cases/tables/programs'
+import { getUserRole } from '@/application/use-cases/tables/user-role'
+import {
+  getTableResponseSchema,
+  getTablePermissionsResponseSchema,
+} from '@/domain/models/api/tables'
+import { getSessionContext, getTableContext } from '@/presentation/api/utils/context-helpers'
+import { runEffect } from '@/presentation/api/utils/run-effect'
+import type { App } from '@/domain/models/app'
+import type { Context, Hono } from 'hono'
+
+// Handler for GET /api/tables
+// Note: This route doesn't have :tableId, so only session is guaranteed by middleware
+// (requireAuth ensures session exists, but validateTable/enrichUserRole don't run)
+async function handleListTables(c: Context, app: App) {
+  // Session is guaranteed by requireAuth() middleware (non-null assertion safe)
+  const session = getSessionContext(c)!
+
+  // Fetch userRole manually since enrichUserRole middleware doesn't run on /api/tables
+  const userRole = await getUserRole(session.userId)
+
+  const program = Effect.gen(function* () {
+    const result = yield* createListTablesProgram(userRole, app)
+    return z.array(z.unknown()).parse(result)
+  })
+
+  return runEffect(c, program)
+}
+
+// Handler for GET /api/tables/:tableId
+async function handleGetTable(c: Context, app: App) {
+  // Session, tableId, and userRole are guaranteed by middleware chain
+  const { tableId, userRole } = getTableContext(c)
+
+  const program = Effect.gen(function* () {
+    const result = yield* createGetTableProgram(tableId, app, userRole)
+    const validated = getTableResponseSchema.parse(result)
+    // Return the table object directly (unwrapped) to match test expectations
+    return validated.table
+  })
+
+  return runEffect(c, program)
+}
+
+// Handler for GET /api/tables/:tableId/permissions
+async function handleGetPermissions(c: Context, app: App) {
+  // Session, tableId, and userRole are guaranteed by middleware chain
+  const { tableId, userRole } = getTableContext(c)
+
+  const program = Effect.gen(function* () {
+    const result = yield* createGetPermissionsProgram(tableId, app, userRole)
+    return getTablePermissionsResponseSchema.parse(result)
+  })
+
+  return runEffect(c, program)
+}
+
+export function chainTableRoutesMethods<T extends Hono>(honoApp: T, app: App) {
+  return honoApp
+    .get('/api/tables', (c) => handleListTables(c, app))
+    .get('/api/tables/:tableId', (c) => handleGetTable(c, app))
+    .get('/api/tables/:tableId/permissions', (c) => handleGetPermissions(c, app))
+}

package/src/presentation/api/routes/tables/timezone-validation.ts

@@ -0,0 +1,41 @@
+/**
+ * Copyright (c) 2025 ESSENTIAL SERVICES
+ *
+ * This source code is licensed under the Business Source License 1.1
+ * found in the LICENSE.md file in the root directory of this source tree.
+ */
+
+import type { Context } from 'hono'
+
+/**
+ * Validate timezone string using Intl.DateTimeFormat
+ * Returns true if timezone is valid, false otherwise
+ */
+export function isValidTimezone(timezone: string): boolean {
+  try {
+    // Attempt to create a DateTimeFormat with the timezone
+    // This will throw if the timezone is invalid
+    // eslint-disable-next-line functional/no-expression-statements -- Required for validation side-effect
+    Intl.DateTimeFormat('en-US', { timeZone: timezone })
+    return true
+  } catch {
+    return false
+  }
+}
+
+/**
+ * Validate timezone and return error response if invalid
+ */
+export function validateTimezoneParam(timezone: string | undefined, c: Context) {
+  if (timezone && !isValidTimezone(timezone)) {
+    return c.json(
+      {
+        success: false,
+        message: `Invalid timezone: ${timezone}`,
+        code: 'VALIDATION_ERROR',
+      },
+      400
+    )
+  }
+  return undefined
+}