2022-04-06 15:47:35 +03:00
|
|
|
{-# LANGUAGE UndecidableInstances #-}
|
|
|
|
|
2021-11-04 19:08:33 +03:00
|
|
|
module Hasura.RQL.DDL.Permission.Internal
|
|
|
|
( CreatePerm (..),
|
|
|
|
DropPerm (..),
|
2022-04-06 15:47:35 +03:00
|
|
|
permissionIsDefined,
|
2021-11-04 19:08:33 +03:00
|
|
|
assertPermDefined,
|
2022-02-03 17:14:33 +03:00
|
|
|
interpColSpec,
|
2021-11-04 19:08:33 +03:00
|
|
|
getDepHeadersFromVal,
|
|
|
|
getDependentHeaders,
|
2023-02-24 15:31:04 +03:00
|
|
|
annBoolExp,
|
2021-11-04 19:08:33 +03:00
|
|
|
procBoolExp,
|
|
|
|
)
|
|
|
|
where
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2020-11-02 14:50:40 +03:00
|
|
|
import Control.Lens hiding ((.=))
|
2022-06-08 18:31:28 +03:00
|
|
|
import Data.Aeson.KeyMap qualified as KM
|
2018-06-27 16:11:32 +03:00
|
|
|
import Data.Aeson.Types
|
2020-11-02 14:50:40 +03:00
|
|
|
import Data.HashMap.Strict qualified as M
|
2021-08-09 13:20:04 +03:00
|
|
|
import Data.HashSet qualified as Set
|
2022-11-30 21:12:14 +03:00
|
|
|
import Data.Sequence qualified as Seq
|
2020-11-02 14:50:40 +03:00
|
|
|
import Data.Text qualified as T
|
2020-10-21 19:35:06 +03:00
|
|
|
import Data.Text.Extended
|
2021-05-11 18:18:31 +03:00
|
|
|
import Hasura.Base.Error
|
2020-08-27 19:36:39 +03:00
|
|
|
import Hasura.Prelude
|
2022-04-27 16:57:28 +03:00
|
|
|
import Hasura.RQL.IR.BoolExp
|
|
|
|
import Hasura.RQL.Types.Backend
|
2022-05-25 13:24:41 +03:00
|
|
|
import Hasura.RQL.Types.BoolExp
|
2023-02-24 15:31:04 +03:00
|
|
|
import Hasura.RQL.Types.Column (ColumnReference (ColumnReferenceColumn))
|
2022-04-27 16:57:28 +03:00
|
|
|
import Hasura.RQL.Types.Common
|
|
|
|
import Hasura.RQL.Types.Metadata.Backend
|
|
|
|
import Hasura.RQL.Types.Permission
|
|
|
|
import Hasura.RQL.Types.Relationships.Local
|
|
|
|
import Hasura.RQL.Types.SchemaCache
|
2022-08-19 18:40:26 +03:00
|
|
|
import Hasura.RQL.Types.SchemaCacheTypes
|
2022-04-27 16:57:28 +03:00
|
|
|
import Hasura.RQL.Types.Table
|
2020-10-21 19:35:06 +03:00
|
|
|
import Hasura.Server.Utils
|
|
|
|
import Hasura.Session
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2022-02-03 17:14:33 +03:00
|
|
|
-- | Intrepet a 'PermColSpec' column specification, which can either refer to a
|
|
|
|
-- list of named columns or all columns.
|
|
|
|
interpColSpec :: [Column b] -> PermColSpec b -> [Column b]
|
|
|
|
interpColSpec _ (PCCols cols) = cols
|
|
|
|
interpColSpec allColumns PCStar = allColumns
|
2018-06-27 16:11:32 +03:00
|
|
|
|
|
|
|
permissionIsDefined ::
|
2022-04-06 15:47:35 +03:00
|
|
|
PermType -> RolePermInfo backend -> Bool
|
|
|
|
permissionIsDefined pt rpi = isJust
|
|
|
|
case pt of
|
|
|
|
PTSelect -> rpi ^. permSel $> ()
|
|
|
|
PTInsert -> rpi ^. permIns $> ()
|
|
|
|
PTUpdate -> rpi ^. permUpd $> ()
|
|
|
|
PTDelete -> rpi ^. permDel $> ()
|
2021-09-24 01:56:37 +03:00
|
|
|
|
2018-06-27 16:11:32 +03:00
|
|
|
assertPermDefined ::
|
2020-12-01 18:50:18 +03:00
|
|
|
(Backend backend, MonadError QErr m) =>
|
2018-06-27 16:11:32 +03:00
|
|
|
RoleName ->
|
2022-04-06 15:47:35 +03:00
|
|
|
PermType ->
|
2020-10-22 23:42:27 +03:00
|
|
|
TableInfo backend ->
|
2018-06-27 16:11:32 +03:00
|
|
|
m ()
|
2022-04-06 15:47:35 +03:00
|
|
|
assertPermDefined role pt tableInfo =
|
2022-10-04 00:49:32 +03:00
|
|
|
unless (any (permissionIsDefined pt) rpi) $
|
2018-06-27 16:11:32 +03:00
|
|
|
throw400 PermissionDenied $
|
An `ErrorMessage` type, to encapsulate.
This introduces an `ErrorMessage` newtype which wraps `Text` in a manner which is designed to be easy to construct, and difficult to deconstruct.
It provides functionality similar to `Data.Text.Extended`, but designed _only_ for error messages. Error messages are constructed through `fromString`, concatenation, or the `toErrorValue` function, which is designed to be overridden for all meaningful domain types that might show up in an error message. Notably, there are not and should never be instances of `ToErrorValue` for `String`, `Text`, `Int`, etc. This is so that we correctly represent the value in a way that is specific to its type. For example, all `Name` values (from the _graphql-parser-hs_ library) are single-quoted now; no exceptions.
I have mostly had to add `instance ToErrorValue` for various backend types (and also add newtypes where necessary). Some of these are not strictly necessary for this changeset, as I had bigger aspirations when I started. These aspirations have been tempered by trying and failing twice.
As such, in this changeset, I have started by introducing this type to the `parseError` and `parseErrorWith` functions. In the future, I would like to extend this to the `QErr` record and the various `throwError` functions, but this is a much larger task and should probably be done in stages.
For now, `toErrorMessage` and `fromErrorMessage` are provided for conversion to and from `Text`, but the intent is to stop exporting these once all error messages are converted to the new type.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/5018
GitOrigin-RevId: 84b37e238992e4312255a87ca44f41af65e2d89a
2022-07-18 23:26:01 +03:00
|
|
|
"'"
|
|
|
|
<> tshow pt
|
|
|
|
<> "'"
|
|
|
|
<> " permission on "
|
|
|
|
<> tableInfoName tableInfo
|
|
|
|
<<> " for role "
|
|
|
|
<> role
|
|
|
|
<<> " does not exist"
|
2018-06-27 16:11:32 +03:00
|
|
|
where
|
[Preview] Inherited roles for postgres read queries
fixes #3868
docker image - `hasura/graphql-engine:inherited-roles-preview-48b73a2de`
Note:
To be able to use the inherited roles feature, the graphql-engine should be started with the env variable `HASURA_GRAPHQL_EXPERIMENTAL_FEATURES` set to `inherited_roles`.
Introduction
------------
This PR implements the idea of multiple roles as presented in this [paper](https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/FGALanguageICDE07.pdf). The multiple roles feature in this PR can be used via inherited roles. An inherited role is a role which can be created by combining multiple singular roles. For example, if there are two roles `author` and `editor` configured in the graphql-engine, then we can create a inherited role with the name of `combined_author_editor` role which will combine the select permissions of the `author` and `editor` roles and then make GraphQL queries using the `combined_author_editor`.
How are select permissions of different roles are combined?
------------------------------------------------------------
A select permission includes 5 things:
1. Columns accessible to the role
2. Row selection filter
3. Limit
4. Allow aggregation
5. Scalar computed fields accessible to the role
Suppose there are two roles, `role1` gives access to the `address` column with row filter `P1` and `role2` gives access to both the `address` and the `phone` column with row filter `P2` and we create a new role `combined_roles` which combines `role1` and `role2`.
Let's say the following GraphQL query is queried with the `combined_roles` role.
```graphql
query {
employees {
address
phone
}
}
```
This will translate to the following SQL query:
```sql
select
(case when (P1 or P2) then address else null end) as address,
(case when P2 then phone else null end) as phone
from employee
where (P1 or P2)
```
The other parameters of the select permission will be combined in the following manner:
1. Limit - Minimum of the limits will be the limit of the inherited role
2. Allow aggregations - If any of the role allows aggregation, then the inherited role will allow aggregation
3. Scalar computed fields - same as table column fields, as in the above example
APIs for inherited roles:
----------------------
1. `add_inherited_role`
`add_inherited_role` is the [metadata API](https://hasura.io/docs/1.0/graphql/core/api-reference/index.html#schema-metadata-api) to create a new inherited role. It accepts two arguments
`role_name`: the name of the inherited role to be added (String)
`role_set`: list of roles that need to be combined (Array of Strings)
Example:
```json
{
"type": "add_inherited_role",
"args": {
"role_name":"combined_user",
"role_set":[
"user",
"user1"
]
}
}
```
After adding the inherited role, the inherited role can be used like single roles like earlier
Note:
An inherited role can only be created with non-inherited/singular roles.
2. `drop_inherited_role`
The `drop_inherited_role` API accepts the name of the inherited role and drops it from the metadata. It accepts a single argument:
`role_name`: name of the inherited role to be dropped
Example:
```json
{
"type": "drop_inherited_role",
"args": {
"role_name":"combined_user"
}
}
```
Metadata
---------
The derived roles metadata will be included under the `experimental_features` key while exporting the metadata.
```json
{
"experimental_features": {
"derived_roles": [
{
"role_name": "manager_is_employee_too",
"role_set": [
"employee",
"manager"
]
}
]
}
}
```
Scope
------
Only postgres queries and subscriptions are supported in this PR.
Important points:
-----------------
1. All columns exposed to an inherited role will be marked as `nullable`, this is done so that cell value nullification can be done.
TODOs
-------
- [ ] Tests
- [ ] Test a GraphQL query running with a inherited role without enabling inherited roles in experimental features
- [] Tests for aggregate queries, limit, computed fields, functions, subscriptions (?)
- [ ] Introspection test with a inherited role (nullability changes in a inherited role)
- [ ] Docs
- [ ] Changelog
Co-authored-by: Vamshi Surabhi <6562944+0x777@users.noreply.github.com>
GitOrigin-RevId: 3b8ee1e11f5ceca80fe294f8c074d42fbccfec63
2021-03-08 14:14:13 +03:00
|
|
|
rpi = M.lookup role $ _tiRolePermInfoMap tableInfo
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2022-04-06 15:47:35 +03:00
|
|
|
newtype CreatePerm a b = CreatePerm (WithTable b (PermDef b a))
|
|
|
|
|
|
|
|
deriving instance (Backend b, FromJSON (PermDef b a)) => FromJSON (CreatePerm a b)
|
2018-06-27 16:11:32 +03:00
|
|
|
|
|
|
|
data CreatePermP1Res a = CreatePermP1Res
|
2022-08-01 12:32:04 +03:00
|
|
|
{ cprInfo :: a,
|
|
|
|
cprDeps :: [SchemaDependency]
|
2018-06-27 16:11:32 +03:00
|
|
|
}
|
|
|
|
deriving (Show, Eq)
|
2021-09-24 01:56:37 +03:00
|
|
|
|
2018-06-27 16:11:32 +03:00
|
|
|
procBoolExp ::
|
2022-08-19 18:40:26 +03:00
|
|
|
( QErrM m,
|
|
|
|
TableCoreInfoRM b m,
|
|
|
|
BackendMetadata b,
|
|
|
|
GetAggregationPredicatesDeps b
|
|
|
|
) =>
|
2020-12-28 15:56:00 +03:00
|
|
|
SourceName ->
|
2021-02-14 09:07:52 +03:00
|
|
|
TableName b ->
|
|
|
|
FieldInfoMap (FieldInfo b) ->
|
|
|
|
BoolExp b ->
|
2022-11-30 21:12:14 +03:00
|
|
|
m (AnnBoolExpPartialSQL b, Seq SchemaDependency)
|
2020-12-28 15:56:00 +03:00
|
|
|
procBoolExp source tn fieldInfoMap be = do
|
2021-07-28 11:09:32 +03:00
|
|
|
let rhsParser = BoolExpRHSParser parseCollectableType PSESession
|
2023-02-24 15:31:04 +03:00
|
|
|
|
|
|
|
rootFieldInfoMap <-
|
|
|
|
fmap _tciFieldInfoMap $
|
|
|
|
lookupTableCoreInfo tn
|
|
|
|
`onNothingM` throw500 ("unexpected: " <> tn <<> " doesn't exist")
|
|
|
|
|
|
|
|
abe <- annBoolExp rhsParser rootFieldInfoMap fieldInfoMap $ unBoolExp be
|
2020-12-28 15:56:00 +03:00
|
|
|
let deps = getBoolExpDeps source tn abe
|
2022-11-30 21:12:14 +03:00
|
|
|
return (abe, Seq.fromList deps)
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2023-02-24 15:31:04 +03:00
|
|
|
annBoolExp ::
|
|
|
|
(QErrM m, TableCoreInfoRM b m, BackendMetadata b) =>
|
|
|
|
BoolExpRHSParser b m v ->
|
|
|
|
FieldInfoMap (FieldInfo b) ->
|
|
|
|
FieldInfoMap (FieldInfo b) ->
|
|
|
|
GBoolExp b ColExp ->
|
|
|
|
m (AnnBoolExp b v)
|
|
|
|
annBoolExp rhsParser rootFieldInfoMap fim boolExp =
|
|
|
|
case boolExp of
|
|
|
|
BoolAnd exps -> BoolAnd <$> procExps exps
|
|
|
|
BoolOr exps -> BoolOr <$> procExps exps
|
|
|
|
BoolNot e -> BoolNot <$> annBoolExp rhsParser rootFieldInfoMap fim e
|
|
|
|
BoolExists (GExists refqt whereExp) ->
|
|
|
|
withPathK "_exists" $ do
|
|
|
|
refFields <- withPathK "_table" $ askFieldInfoMapSource refqt
|
|
|
|
annWhereExp <- withPathK "_where" $ annBoolExp rhsParser rootFieldInfoMap refFields whereExp
|
|
|
|
return $ BoolExists $ GExists refqt annWhereExp
|
|
|
|
BoolField fld -> BoolField <$> annColExp rhsParser rootFieldInfoMap fim fld
|
|
|
|
where
|
|
|
|
procExps = mapM (annBoolExp rhsParser rootFieldInfoMap fim)
|
|
|
|
|
|
|
|
annColExp ::
|
|
|
|
(QErrM m, TableCoreInfoRM b m, BackendMetadata b) =>
|
|
|
|
BoolExpRHSParser b m v ->
|
|
|
|
FieldInfoMap (FieldInfo b) ->
|
|
|
|
FieldInfoMap (FieldInfo b) ->
|
|
|
|
ColExp ->
|
|
|
|
m (AnnBoolExpFld b v)
|
|
|
|
annColExp rhsParser rootFieldInfoMap colInfoMap (ColExp fieldName colVal) = do
|
|
|
|
colInfo <- askFieldInfo colInfoMap fieldName
|
|
|
|
case colInfo of
|
|
|
|
FIColumn pgi -> AVColumn pgi <$> parseBoolExpOperations (_berpValueParser rhsParser) rootFieldInfoMap colInfoMap (ColumnReferenceColumn pgi) colVal
|
|
|
|
FIRelationship relInfo -> do
|
|
|
|
relBoolExp <- decodeValue colVal
|
|
|
|
relFieldInfoMap <- askFieldInfoMapSource $ riRTable relInfo
|
|
|
|
annRelBoolExp <- annBoolExp rhsParser rootFieldInfoMap relFieldInfoMap $ unBoolExp relBoolExp
|
|
|
|
return $ AVRelationship relInfo annRelBoolExp
|
|
|
|
FIComputedField computedFieldInfo ->
|
|
|
|
AVComputedField <$> buildComputedFieldBooleanExp (BoolExpResolver annBoolExp) rhsParser rootFieldInfoMap colInfoMap computedFieldInfo colVal
|
|
|
|
-- Using remote fields in the boolean expression is not supported.
|
|
|
|
FIRemoteRelationship {} ->
|
|
|
|
throw400 UnexpectedPayload "remote field unsupported"
|
|
|
|
|
2020-10-27 16:53:49 +03:00
|
|
|
getDepHeadersFromVal :: Value -> [Text]
|
2019-02-11 15:45:30 +03:00
|
|
|
getDepHeadersFromVal val = case val of
|
|
|
|
Object o -> parseObject o
|
|
|
|
_ -> parseOnlyString val
|
2018-06-27 16:11:32 +03:00
|
|
|
where
|
2019-02-11 15:45:30 +03:00
|
|
|
parseOnlyString v = case v of
|
2018-08-29 08:47:13 +03:00
|
|
|
(String t)
|
2020-04-24 12:10:53 +03:00
|
|
|
| isSessionVariable t -> [T.toLower t]
|
2018-08-29 08:47:13 +03:00
|
|
|
| isReqUserId t -> [userIdHeader]
|
|
|
|
| otherwise -> []
|
|
|
|
_ -> []
|
2018-11-16 15:40:23 +03:00
|
|
|
parseObject o =
|
2022-06-08 18:31:28 +03:00
|
|
|
concatMap getDepHeadersFromVal (KM.elems o)
|
2019-02-11 15:45:30 +03:00
|
|
|
|
2021-08-09 13:20:04 +03:00
|
|
|
getDependentHeaders :: BoolExp b -> HashSet Text
|
2019-02-11 15:45:30 +03:00
|
|
|
getDependentHeaders (BoolExp boolExp) =
|
2021-08-09 13:20:04 +03:00
|
|
|
Set.fromList $ flip foldMap boolExp $ \(ColExp _ v) -> getDepHeadersFromVal v
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2022-04-06 15:47:35 +03:00
|
|
|
data DropPerm b = DropPerm
|
2022-08-01 12:32:04 +03:00
|
|
|
{ dipSource :: SourceName,
|
|
|
|
dipTable :: TableName b,
|
|
|
|
dipRole :: RoleName
|
Clean metadata arguments
## Description
Thanks to #1664, the Metadata API types no longer require a `ToJSON` instance. This PR follows up with a cleanup of the types of the arguments to the metadata API:
- whenever possible, it moves those argument types to where they're used (RQL.DDL.*)
- it removes all unrequired instances (mostly `ToJSON`)
This PR does not attempt to do it for _all_ such argument types. For some of the metadata operations, the type used to describe the argument to the API and used to represent the value in the metadata are one and the same (like for `CreateEndpoint`). Sometimes, the two types are intertwined in complex ways (`RemoteRelationship` and `RemoteRelationshipDef`). In the spirit of only doing uncontroversial cleaning work, this PR only moves types that are not used outside of RQL.DDL.
Furthermore, this is a small step towards separating the different types all jumbled together in RQL.Types.
## Notes
This PR also improves several `FromJSON` instances to make use of `withObject`, and to use a human readable string instead of a type name in error messages whenever possible. For instance:
- before: `expected Object for Object, but encountered X`
after: `expected Object for add computed field, but encountered X`
- before: `Expecting an object for update query`
after: `expected Object for update query, but encountered X`
This PR also renames `CreateFunctionPermission` to `FunctionPermissionArgument`, to remove the quite surprising `type DropFunctionPermission = CreateFunctionPermission`.
This PR also deletes some dead code, mostly in RQL.DML.
This PR also moves a PG-specific source resolving function from DDL.Schema.Source to the only place where it is used: App.hs.
https://github.com/hasura/graphql-engine-mono/pull/1844
GitOrigin-RevId: a594521194bb7fe6a111b02a9e099896f9fed59c
2021-07-27 13:41:42 +03:00
|
|
|
}
|
2020-12-28 15:56:00 +03:00
|
|
|
|
2022-04-06 15:47:35 +03:00
|
|
|
instance (Backend b) => FromJSON (DropPerm b) where
|
2021-09-20 22:49:33 +03:00
|
|
|
parseJSON = withObject "DropPerm" $ \o ->
|
2020-12-28 15:56:00 +03:00
|
|
|
DropPerm
|
|
|
|
<$> o .:? "source" .!= defaultSource
|
|
|
|
<*> o .: "table"
|
|
|
|
<*> o .: "role"
|