2022-04-06 15:47:35 +03:00
|
|
|
{-# LANGUAGE UndecidableInstances #-}
|
|
|
|
|
|
2021-11-04 19:08:33 +03:00
|
|
|
module Hasura.RQL.DDL.Permission.Internal
|
|
|
|
|
( CreatePerm (..),
|
|
|
|
|
DropPerm (..),
|
2022-04-06 15:47:35 +03:00
|
|
|
permissionIsDefined,
|
2021-11-04 19:08:33 +03:00
|
|
|
assertPermDefined,
|
2022-02-03 17:14:33 +03:00
|
|
|
interpColSpec,
|
2021-11-04 19:08:33 +03:00
|
|
|
getDepHeadersFromVal,
|
|
|
|
|
getDependentHeaders,
|
2023-02-24 15:31:04 +03:00
|
|
|
annBoolExp,
|
2021-11-04 19:08:33 +03:00
|
|
|
procBoolExp,
|
2023-04-19 12:03:36 +03:00
|
|
|
procLogicalModelBoolExp,
|
2021-11-04 19:08:33 +03:00
|
|
|
)
|
|
|
|
|
where
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2020-11-02 14:50:40 +03:00
|
|
|
import Control.Lens hiding ((.=))
|
2022-06-08 18:31:28 +03:00
|
|
|
import Data.Aeson.KeyMap qualified as KM
|
2018-06-27 16:11:32 +03:00
|
|
|
import Data.Aeson.Types
|
2023-04-26 18:42:13 +03:00
|
|
|
import Data.HashMap.Strict qualified as HashMap
|
2021-08-09 13:20:04 +03:00
|
|
|
import Data.HashSet qualified as Set
|
2022-11-30 21:12:14 +03:00
|
|
|
import Data.Sequence qualified as Seq
|
2020-11-02 14:50:40 +03:00
|
|
|
import Data.Text qualified as T
|
2020-10-21 19:35:06 +03:00
|
|
|
import Data.Text.Extended
|
2021-05-11 18:18:31 +03:00
|
|
|
import Hasura.Base.Error
|
2023-04-19 12:03:36 +03:00
|
|
|
import Hasura.LogicalModel.Types (LogicalModelName)
|
2020-08-27 19:36:39 +03:00
|
|
|
import Hasura.Prelude
|
2022-04-27 16:57:28 +03:00
|
|
|
import Hasura.RQL.IR.BoolExp
|
|
|
|
|
import Hasura.RQL.Types.Backend
|
2022-05-25 13:24:41 +03:00
|
|
|
import Hasura.RQL.Types.BoolExp
|
2023-02-24 15:31:04 +03:00
|
|
|
import Hasura.RQL.Types.Column (ColumnReference (ColumnReferenceColumn))
|
2022-04-27 16:57:28 +03:00
|
|
|
import Hasura.RQL.Types.Common
|
|
|
|
|
import Hasura.RQL.Types.Metadata.Backend
|
|
|
|
|
import Hasura.RQL.Types.Permission
|
|
|
|
|
import Hasura.RQL.Types.Relationships.Local
|
2023-04-24 11:50:29 +03:00
|
|
|
import Hasura.RQL.Types.Roles (RoleName)
|
2022-04-27 16:57:28 +03:00
|
|
|
import Hasura.RQL.Types.SchemaCache
|
2022-08-19 18:40:26 +03:00
|
|
|
import Hasura.RQL.Types.SchemaCacheTypes
|
2022-04-27 16:57:28 +03:00
|
|
|
import Hasura.RQL.Types.Table
|
2020-10-21 19:35:06 +03:00
|
|
|
import Hasura.Server.Utils
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2022-02-03 17:14:33 +03:00
|
|
|
-- | Intrepet a 'PermColSpec' column specification, which can either refer to a
|
|
|
|
|
-- list of named columns or all columns.
|
|
|
|
|
interpColSpec :: [Column b] -> PermColSpec b -> [Column b]
|
|
|
|
|
interpColSpec _ (PCCols cols) = cols
|
|
|
|
|
interpColSpec allColumns PCStar = allColumns
|
2018-06-27 16:11:32 +03:00
|
|
|
|
|
|
|
|
permissionIsDefined ::
|
2022-04-06 15:47:35 +03:00
|
|
|
PermType -> RolePermInfo backend -> Bool
|
|
|
|
|
permissionIsDefined pt rpi = isJust
|
|
|
|
|
case pt of
|
|
|
|
|
PTSelect -> rpi ^. permSel $> ()
|
|
|
|
|
PTInsert -> rpi ^. permIns $> ()
|
|
|
|
|
PTUpdate -> rpi ^. permUpd $> ()
|
|
|
|
|
PTDelete -> rpi ^. permDel $> ()
|
2021-09-24 01:56:37 +03:00
|
|
|
|
2018-06-27 16:11:32 +03:00
|
|
|
assertPermDefined ::
|
2020-12-01 18:50:18 +03:00
|
|
|
(Backend backend, MonadError QErr m) =>
|
2018-06-27 16:11:32 +03:00
|
|
|
RoleName ->
|
2022-04-06 15:47:35 +03:00
|
|
|
PermType ->
|
2020-10-22 23:42:27 +03:00
|
|
|
TableInfo backend ->
|
2018-06-27 16:11:32 +03:00
|
|
|
m ()
|
2022-04-06 15:47:35 +03:00
|
|
|
assertPermDefined role pt tableInfo =
|
2022-10-04 00:49:32 +03:00
|
|
|
unless (any (permissionIsDefined pt) rpi) $
|
2018-06-27 16:11:32 +03:00
|
|
|
throw400 PermissionDenied $
|
An `ErrorMessage` type, to encapsulate.
This introduces an `ErrorMessage` newtype which wraps `Text` in a manner which is designed to be easy to construct, and difficult to deconstruct.
It provides functionality similar to `Data.Text.Extended`, but designed _only_ for error messages. Error messages are constructed through `fromString`, concatenation, or the `toErrorValue` function, which is designed to be overridden for all meaningful domain types that might show up in an error message. Notably, there are not and should never be instances of `ToErrorValue` for `String`, `Text`, `Int`, etc. This is so that we correctly represent the value in a way that is specific to its type. For example, all `Name` values (from the _graphql-parser-hs_ library) are single-quoted now; no exceptions.
I have mostly had to add `instance ToErrorValue` for various backend types (and also add newtypes where necessary). Some of these are not strictly necessary for this changeset, as I had bigger aspirations when I started. These aspirations have been tempered by trying and failing twice.
As such, in this changeset, I have started by introducing this type to the `parseError` and `parseErrorWith` functions. In the future, I would like to extend this to the `QErr` record and the various `throwError` functions, but this is a much larger task and should probably be done in stages.
For now, `toErrorMessage` and `fromErrorMessage` are provided for conversion to and from `Text`, but the intent is to stop exporting these once all error messages are converted to the new type.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/5018
GitOrigin-RevId: 84b37e238992e4312255a87ca44f41af65e2d89a
2022-07-18 23:26:01 +03:00
|
|
|
"'"
|
|
|
|
|
<> tshow pt
|
|
|
|
|
<> "'"
|
|
|
|
|
<> " permission on "
|
|
|
|
|
<> tableInfoName tableInfo
|
|
|
|
|
<<> " for role "
|
|
|
|
|
<> role
|
|
|
|
|
<<> " does not exist"
|
2018-06-27 16:11:32 +03:00
|
|
|
where
|
2023-04-26 18:42:13 +03:00
|
|
|
rpi = HashMap.lookup role $ _tiRolePermInfoMap tableInfo
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2022-04-06 15:47:35 +03:00
|
|
|
newtype CreatePerm a b = CreatePerm (WithTable b (PermDef b a))
|
|
|
|
|
|
|
|
|
|
deriving instance (Backend b, FromJSON (PermDef b a)) => FromJSON (CreatePerm a b)
|
2018-06-27 16:11:32 +03:00
|
|
|
|
|
|
|
|
data CreatePermP1Res a = CreatePermP1Res
|
2022-08-01 12:32:04 +03:00
|
|
|
{ cprInfo :: a,
|
|
|
|
|
cprDeps :: [SchemaDependency]
|
2018-06-27 16:11:32 +03:00
|
|
|
}
|
|
|
|
|
deriving (Show, Eq)
|
2021-09-24 01:56:37 +03:00
|
|
|
|
2018-06-27 16:11:32 +03:00
|
|
|
procBoolExp ::
|
2022-08-19 18:40:26 +03:00
|
|
|
( QErrM m,
|
|
|
|
|
TableCoreInfoRM b m,
|
|
|
|
|
BackendMetadata b,
|
|
|
|
|
GetAggregationPredicatesDeps b
|
|
|
|
|
) =>
|
2020-12-28 15:56:00 +03:00
|
|
|
SourceName ->
|
2021-02-14 09:07:52 +03:00
|
|
|
TableName b ->
|
|
|
|
|
FieldInfoMap (FieldInfo b) ->
|
|
|
|
|
BoolExp b ->
|
2022-11-30 21:12:14 +03:00
|
|
|
m (AnnBoolExpPartialSQL b, Seq SchemaDependency)
|
2020-12-28 15:56:00 +03:00
|
|
|
procBoolExp source tn fieldInfoMap be = do
|
2021-07-28 11:09:32 +03:00
|
|
|
let rhsParser = BoolExpRHSParser parseCollectableType PSESession
|
2023-02-24 15:31:04 +03:00
|
|
|
|
|
|
|
|
rootFieldInfoMap <-
|
|
|
|
|
fmap _tciFieldInfoMap $
|
|
|
|
|
lookupTableCoreInfo tn
|
|
|
|
|
`onNothingM` throw500 ("unexpected: " <> tn <<> " doesn't exist")
|
|
|
|
|
|
|
|
|
|
abe <- annBoolExp rhsParser rootFieldInfoMap fieldInfoMap $ unBoolExp be
|
2020-12-28 15:56:00 +03:00
|
|
|
let deps = getBoolExpDeps source tn abe
|
2022-11-30 21:12:14 +03:00
|
|
|
return (abe, Seq.fromList deps)
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2023-03-06 18:06:37 +03:00
|
|
|
-- | Interpret a 'BoolExp' into an 'AnnBoolExp', collecting any dependencies as
|
|
|
|
|
-- we go. At the moment, the only dependencies we're likely to encounter are
|
|
|
|
|
-- independent dependencies on other tables. For example, "this user can only
|
2023-04-19 12:03:36 +03:00
|
|
|
-- select from this logical model if their ID is in the @allowed_users@ table".
|
|
|
|
|
procLogicalModelBoolExp ::
|
2023-03-06 18:06:37 +03:00
|
|
|
forall b m.
|
|
|
|
|
( QErrM m,
|
|
|
|
|
TableCoreInfoRM b m,
|
|
|
|
|
BackendMetadata b,
|
|
|
|
|
GetAggregationPredicatesDeps b
|
|
|
|
|
) =>
|
|
|
|
|
SourceName ->
|
2023-04-19 12:03:36 +03:00
|
|
|
LogicalModelName ->
|
2023-03-06 18:06:37 +03:00
|
|
|
FieldInfoMap (FieldInfo b) ->
|
|
|
|
|
BoolExp b ->
|
|
|
|
|
m (AnnBoolExpPartialSQL b, Seq SchemaDependency)
|
2023-04-19 12:03:36 +03:00
|
|
|
procLogicalModelBoolExp source lmn fieldInfoMap be = do
|
2023-03-06 18:06:37 +03:00
|
|
|
let -- The parser for the "right hand side" of operations. We use @rhsParser@
|
|
|
|
|
-- as the name here for ease of grepping, though it's maybe a bit vague.
|
|
|
|
|
-- More specifically, if we think of an operation that combines a field
|
2023-04-13 19:10:38 +03:00
|
|
|
-- (such as those in tables or native queries) on the /left/ with a value
|
2023-03-06 18:06:37 +03:00
|
|
|
-- or session variable on the /right/, this is a parser for the latter.
|
|
|
|
|
rhsParser :: BoolExpRHSParser b m (PartialSQLExp b)
|
|
|
|
|
rhsParser = BoolExpRHSParser parseCollectableType PSESession
|
|
|
|
|
|
2023-04-13 19:10:38 +03:00
|
|
|
-- In Native Queries, there are no relationships (unlike tables, where one
|
2023-03-06 18:06:37 +03:00
|
|
|
-- table can reference another). This means that our root fieldInfoMap is
|
|
|
|
|
-- always going to be the same as our current fieldInfoMap, so we just pass
|
|
|
|
|
-- the same one in twice.
|
|
|
|
|
abe <- annBoolExp rhsParser fieldInfoMap fieldInfoMap (unBoolExp be)
|
|
|
|
|
|
|
|
|
|
let -- What dependencies do we have on the schema cache in order to process
|
|
|
|
|
-- this boolean expression? This dependency system is explained more
|
2023-04-19 12:03:36 +03:00
|
|
|
-- thoroughly in the 'buildLogicalModelSelPermInfo' inline comments.
|
2023-03-06 18:06:37 +03:00
|
|
|
deps :: [SchemaDependency]
|
2023-04-19 12:03:36 +03:00
|
|
|
deps = getLogicalModelBoolExpDeps source lmn abe
|
2023-03-06 18:06:37 +03:00
|
|
|
|
|
|
|
|
return (abe, Seq.fromList deps)
|
|
|
|
|
|
2023-02-24 15:31:04 +03:00
|
|
|
annBoolExp ::
|
|
|
|
|
(QErrM m, TableCoreInfoRM b m, BackendMetadata b) =>
|
|
|
|
|
BoolExpRHSParser b m v ->
|
|
|
|
|
FieldInfoMap (FieldInfo b) ->
|
|
|
|
|
FieldInfoMap (FieldInfo b) ->
|
|
|
|
|
GBoolExp b ColExp ->
|
|
|
|
|
m (AnnBoolExp b v)
|
|
|
|
|
annBoolExp rhsParser rootFieldInfoMap fim boolExp =
|
|
|
|
|
case boolExp of
|
|
|
|
|
BoolAnd exps -> BoolAnd <$> procExps exps
|
|
|
|
|
BoolOr exps -> BoolOr <$> procExps exps
|
|
|
|
|
BoolNot e -> BoolNot <$> annBoolExp rhsParser rootFieldInfoMap fim e
|
|
|
|
|
BoolExists (GExists refqt whereExp) ->
|
|
|
|
|
withPathK "_exists" $ do
|
|
|
|
|
refFields <- withPathK "_table" $ askFieldInfoMapSource refqt
|
|
|
|
|
annWhereExp <- withPathK "_where" $ annBoolExp rhsParser rootFieldInfoMap refFields whereExp
|
|
|
|
|
return $ BoolExists $ GExists refqt annWhereExp
|
|
|
|
|
BoolField fld -> BoolField <$> annColExp rhsParser rootFieldInfoMap fim fld
|
|
|
|
|
where
|
|
|
|
|
procExps = mapM (annBoolExp rhsParser rootFieldInfoMap fim)
|
|
|
|
|
|
|
|
|
|
annColExp ::
|
|
|
|
|
(QErrM m, TableCoreInfoRM b m, BackendMetadata b) =>
|
|
|
|
|
BoolExpRHSParser b m v ->
|
|
|
|
|
FieldInfoMap (FieldInfo b) ->
|
|
|
|
|
FieldInfoMap (FieldInfo b) ->
|
|
|
|
|
ColExp ->
|
|
|
|
|
m (AnnBoolExpFld b v)
|
|
|
|
|
annColExp rhsParser rootFieldInfoMap colInfoMap (ColExp fieldName colVal) = do
|
|
|
|
|
colInfo <- askFieldInfo colInfoMap fieldName
|
|
|
|
|
case colInfo of
|
|
|
|
|
FIColumn pgi -> AVColumn pgi <$> parseBoolExpOperations (_berpValueParser rhsParser) rootFieldInfoMap colInfoMap (ColumnReferenceColumn pgi) colVal
|
2023-04-11 04:29:05 +03:00
|
|
|
FINestedObject {} ->
|
|
|
|
|
throw400 NotSupported "nested object not supported"
|
2023-02-24 15:31:04 +03:00
|
|
|
FIRelationship relInfo -> do
|
|
|
|
|
relBoolExp <- decodeValue colVal
|
|
|
|
|
relFieldInfoMap <- askFieldInfoMapSource $ riRTable relInfo
|
|
|
|
|
annRelBoolExp <- annBoolExp rhsParser rootFieldInfoMap relFieldInfoMap $ unBoolExp relBoolExp
|
|
|
|
|
return $ AVRelationship relInfo annRelBoolExp
|
|
|
|
|
FIComputedField computedFieldInfo ->
|
|
|
|
|
AVComputedField <$> buildComputedFieldBooleanExp (BoolExpResolver annBoolExp) rhsParser rootFieldInfoMap colInfoMap computedFieldInfo colVal
|
|
|
|
|
-- Using remote fields in the boolean expression is not supported.
|
|
|
|
|
FIRemoteRelationship {} ->
|
|
|
|
|
throw400 UnexpectedPayload "remote field unsupported"
|
|
|
|
|
|
2020-10-27 16:53:49 +03:00
|
|
|
getDepHeadersFromVal :: Value -> [Text]
|
2019-02-11 15:45:30 +03:00
|
|
|
getDepHeadersFromVal val = case val of
|
|
|
|
|
Object o -> parseObject o
|
|
|
|
|
_ -> parseOnlyString val
|
2018-06-27 16:11:32 +03:00
|
|
|
where
|
2019-02-11 15:45:30 +03:00
|
|
|
parseOnlyString v = case v of
|
2018-08-29 08:47:13 +03:00
|
|
|
(String t)
|
2020-04-24 12:10:53 +03:00
|
|
|
| isSessionVariable t -> [T.toLower t]
|
2018-08-29 08:47:13 +03:00
|
|
|
| isReqUserId t -> [userIdHeader]
|
|
|
|
|
| otherwise -> []
|
|
|
|
|
_ -> []
|
2018-11-16 15:40:23 +03:00
|
|
|
parseObject o =
|
2022-06-08 18:31:28 +03:00
|
|
|
concatMap getDepHeadersFromVal (KM.elems o)
|
2019-02-11 15:45:30 +03:00
|
|
|
|
2021-08-09 13:20:04 +03:00
|
|
|
getDependentHeaders :: BoolExp b -> HashSet Text
|
2019-02-11 15:45:30 +03:00
|
|
|
getDependentHeaders (BoolExp boolExp) =
|
2021-08-09 13:20:04 +03:00
|
|
|
Set.fromList $ flip foldMap boolExp $ \(ColExp _ v) -> getDepHeadersFromVal v
|
2018-06-27 16:11:32 +03:00
|
|
|
|
2022-04-06 15:47:35 +03:00
|
|
|
data DropPerm b = DropPerm
|
2022-08-01 12:32:04 +03:00
|
|
|
{ dipSource :: SourceName,
|
|
|
|
|
dipTable :: TableName b,
|
|
|
|
|
dipRole :: RoleName
|
Clean metadata arguments
## Description
Thanks to #1664, the Metadata API types no longer require a `ToJSON` instance. This PR follows up with a cleanup of the types of the arguments to the metadata API:
- whenever possible, it moves those argument types to where they're used (RQL.DDL.*)
- it removes all unrequired instances (mostly `ToJSON`)
This PR does not attempt to do it for _all_ such argument types. For some of the metadata operations, the type used to describe the argument to the API and used to represent the value in the metadata are one and the same (like for `CreateEndpoint`). Sometimes, the two types are intertwined in complex ways (`RemoteRelationship` and `RemoteRelationshipDef`). In the spirit of only doing uncontroversial cleaning work, this PR only moves types that are not used outside of RQL.DDL.
Furthermore, this is a small step towards separating the different types all jumbled together in RQL.Types.
## Notes
This PR also improves several `FromJSON` instances to make use of `withObject`, and to use a human readable string instead of a type name in error messages whenever possible. For instance:
- before: `expected Object for Object, but encountered X`
after: `expected Object for add computed field, but encountered X`
- before: `Expecting an object for update query`
after: `expected Object for update query, but encountered X`
This PR also renames `CreateFunctionPermission` to `FunctionPermissionArgument`, to remove the quite surprising `type DropFunctionPermission = CreateFunctionPermission`.
This PR also deletes some dead code, mostly in RQL.DML.
This PR also moves a PG-specific source resolving function from DDL.Schema.Source to the only place where it is used: App.hs.
https://github.com/hasura/graphql-engine-mono/pull/1844
GitOrigin-RevId: a594521194bb7fe6a111b02a9e099896f9fed59c
2021-07-27 13:41:42 +03:00
|
|
|
}
|
2020-12-28 15:56:00 +03:00
|
|
|
|
2022-04-06 15:47:35 +03:00
|
|
|
instance (Backend b) => FromJSON (DropPerm b) where
|
2021-09-20 22:49:33 +03:00
|
|
|
parseJSON = withObject "DropPerm" $ \o ->
|
2020-12-28 15:56:00 +03:00
|
|
|
DropPerm
|
|
|
|
|
<$> o .:? "source" .!= defaultSource
|
|
|
|
|
<*> o .: "table"
|
|
|
|
|
<*> o .: "role"
|
