hasura/graphql-engine
1
0
Fork 0
mirror of https://github.com/hasura/graphql-engine.git synced 2024-12-18 13:02:11 +03:00
Code Issues Projects Releases Wiki Activity
d6d0b99a3c
graphql-engine/server/src-lib/Hasura/RQL/DDL/Schema/Cache/Permission.hs

107 lines
4.5 KiB
Haskell
Raw Normal View History

Split up Hasura.RQL.DDL.Schema.Cache This should hopefully improve compile times by avoiding the need to specialize everything at once.
2019-12-09 01:17:39 +03:00
{-# LANGUAGE Arrows #-}
module Hasura.RQL.DDL.Schema.Cache.Permission
( buildTablePermissions
, mkPermissionMetadataObject
) where
import Hasura.Prelude
server: move Hasura.SQL to Hasura.Backends.Postgres (#6053) https://github.com/hasura/graphql-engine/pull/6053
2020-10-27 16:53:49 +03:00
import qualified Data.HashMap.Strict.Extended as M
import qualified Data.Sequence as Seq
Split up Hasura.RQL.DDL.Schema.Cache This should hopefully improve compile times by avoiding the need to specialize everything at once.
2019-12-09 01:17:39 +03:00
import Control.Arrow.Extended
import Data.Aeson
server: move Hasura.SQL to Hasura.Backends.Postgres (#6053) https://github.com/hasura/graphql-engine/pull/6053
2020-10-27 16:53:49 +03:00
import Data.Text.Extended
Split up Hasura.RQL.DDL.Schema.Cache This should hopefully improve compile times by avoiding the need to specialize everything at once.
2019-12-09 01:17:39 +03:00
server: move Hasura.SQL to Hasura.Backends.Postgres (#6053) https://github.com/hasura/graphql-engine/pull/6053
2020-10-27 16:53:49 +03:00
import qualified Hasura.Incremental as Inc
Split up Hasura.RQL.DDL.Schema.Cache This should hopefully improve compile times by avoiding the need to specialize everything at once.
2019-12-09 01:17:39 +03:00
server: move Hasura.SQL to Hasura.Backends.Postgres (#6053) https://github.com/hasura/graphql-engine/pull/6053
2020-10-27 16:53:49 +03:00
import Hasura.Backends.Postgres.Connection
import Hasura.Backends.Postgres.SQL.Types
Split up Hasura.RQL.DDL.Schema.Cache This should hopefully improve compile times by avoiding the need to specialize everything at once.
2019-12-09 01:17:39 +03:00
import Hasura.RQL.DDL.Permission
import Hasura.RQL.DDL.Permission.Internal
import Hasura.RQL.DDL.Schema.Cache.Common
import Hasura.RQL.Types
import Hasura.RQL.Types.Catalog
remove `SQL.Text`, clean text functions
2020-10-21 19:35:06 +03:00
import Hasura.Session
Split up Hasura.RQL.DDL.Schema.Cache This should hopefully improve compile times by avoiding the need to specialize everything at once.
2019-12-09 01:17:39 +03:00
buildTablePermissions
Use fine(er)-grained dependency tracking when building permissions This changes TableCoreCacheT to internally record dependencies at a per-table level. In practice, this dramatically improves the performance of building permissions: it makes it far, far less likely for permissions to be needlessly rebuilt because some unrelated table changed.
2019-12-15 19:07:08 +03:00
:: ( ArrowChoice arr, Inc.ArrowDistribute arr, Inc.ArrowCache m arr
remove hdb_views for inserts (#3598) * WIP: Remove hdb_views for inserts * Show failing row in check constraint error * Revert "Show failing row in check constraint error" This reverts commit dd2cac29d0dbef350695e25e4fb27b9401ff9006. * Use the better query plan * Simplify things * fix cli test * Update downgrading.rst * remove 1.1 asset for cli
2020-01-16 07:53:28 +03:00
, ArrowWriter (Seq CollectedInfo) arr, MonadTx m )
Use fine(er)-grained dependency tracking when building permissions This changes TableCoreCacheT to internally record dependencies at a per-table level. In practice, this dramatically improves the performance of building permissions: it makes it far, far less likely for permissions to be needlessly rebuilt because some unrelated table changed.
2019-12-15 19:07:08 +03:00
=> ( Inc.Dependency TableCoreCache
, QualifiedTable
server: SQL that grows (#6003) Add a backend type extension parameter to some RQL types, following the ideas of the paper "Trees that grow" (Najd & Jones 2016) Co-authored-by: Antoine Leblanc <antoine@hasura.io> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
2020-10-22 23:42:27 +03:00
, FieldInfoMap (FieldInfo 'Postgres)
Add caching for recreating event trigger functions
2019-12-13 00:46:33 +03:00
, HashSet CatalogPermission
server: make more use of hlint (#6059) https://github.com/hasura/graphql-engine/pull/6059
2020-10-28 19:40:33 +03:00
) `arr` RolePermInfoMap 'Postgres
Use fine(er)-grained dependency tracking when building permissions This changes TableCoreCacheT to internally record dependencies at a per-table level. In practice, this dramatically improves the performance of building permissions: it makes it far, far less likely for permissions to be needlessly rebuilt because some unrelated table changed.
2019-12-15 19:07:08 +03:00
buildTablePermissions = Inc.cache proc (tableCache, tableName, tableFields, tablePermissions) ->
Split up Hasura.RQL.DDL.Schema.Cache This should hopefully improve compile times by avoiding the need to specialize everything at once.
2019-12-09 01:17:39 +03:00
(| Inc.keyed (\_ rolePermissions -> do
let (insertPerms, selectPerms, updatePerms, deletePerms) =
partitionPermissions rolePermissions
Use fine(er)-grained dependency tracking when building permissions This changes TableCoreCacheT to internally record dependencies at a per-table level. In practice, this dramatically improves the performance of building permissions: it makes it far, far less likely for permissions to be needlessly rebuilt because some unrelated table changed.
2019-12-15 19:07:08 +03:00
insertPermInfo <- buildPermission -< (tableCache, tableName, tableFields, insertPerms)
selectPermInfo <- buildPermission -< (tableCache, tableName, tableFields, selectPerms)
updatePermInfo <- buildPermission -< (tableCache, tableName, tableFields, updatePerms)
deletePermInfo <- buildPermission -< (tableCache, tableName, tableFields, deletePerms)
Split up Hasura.RQL.DDL.Schema.Cache This should hopefully improve compile times by avoiding the need to specialize everything at once.
2019-12-09 01:17:39 +03:00
returnA -< RolePermInfo
{ _permIns = insertPermInfo
, _permSel = selectPermInfo
, _permUpd = updatePermInfo
, _permDel = deletePermInfo
})
|) (M.groupOn _cpRole tablePermissions)
where
partitionPermissions = flip foldr ([], [], [], []) $
\perm (insertPerms, selectPerms, updatePerms, deletePerms) -> case _cpPermType perm of
PTInsert -> (perm:insertPerms, selectPerms, updatePerms, deletePerms)
PTSelect -> (insertPerms, perm:selectPerms, updatePerms, deletePerms)
PTUpdate -> (insertPerms, selectPerms, perm:updatePerms, deletePerms)
PTDelete -> (insertPerms, selectPerms, updatePerms, perm:deletePerms)
mkPermissionMetadataObject :: CatalogPermission -> MetadataObject
mkPermissionMetadataObject (CatalogPermission qt rn pt pDef cmnt) =
let objectId = MOTableObj qt $ MTOPerm rn pt
definition = toJSON $ WithTable qt $ PermDef rn pDef cmnt
in MetadataObject objectId definition
withPermission
:: (ArrowChoice arr, ArrowWriter (Seq CollectedInfo) arr)
=> WriterA (Seq SchemaDependency) (ErrorA QErr arr) (a, s) b
-> arr (a, (CatalogPermission, s)) (Maybe b)
withPermission f = proc (e, (permission, s)) -> do
let CatalogPermission tableName roleName permType _ _ = permission
metadataObject = mkPermissionMetadataObject permission
schemaObject = SOTableObj tableName $ TOPerm roleName permType
addPermContext err = "in permission for role " <> roleName <<> ": " <> err
(| withRecordInconsistency (
(| withRecordDependencies (
(| modifyErrA (f -< (e, s))
|) (addTableContext tableName . addPermContext))
|) metadataObject schemaObject)
|) metadataObject
buildPermission
Use fine(er)-grained dependency tracking when building permissions This changes TableCoreCacheT to internally record dependencies at a per-table level. In practice, this dramatically improves the performance of building permissions: it makes it far, far less likely for permissions to be needlessly rebuilt because some unrelated table changed.
2019-12-15 19:07:08 +03:00
:: ( ArrowChoice arr, Inc.ArrowCache m arr
remove hdb_views for inserts (#3598) * WIP: Remove hdb_views for inserts * Show failing row in check constraint error * Revert "Show failing row in check constraint error" This reverts commit dd2cac29d0dbef350695e25e4fb27b9401ff9006. * Use the better query plan * Simplify things * fix cli test * Update downgrading.rst * remove 1.1 asset for cli
2020-01-16 07:53:28 +03:00
, ArrowWriter (Seq CollectedInfo) arr
, MonadTx m, IsPerm a, FromJSON a
)
Use fine(er)-grained dependency tracking when building permissions This changes TableCoreCacheT to internally record dependencies at a per-table level. In practice, this dramatically improves the performance of building permissions: it makes it far, far less likely for permissions to be needlessly rebuilt because some unrelated table changed.
2019-12-15 19:07:08 +03:00
=> ( Inc.Dependency TableCoreCache
, QualifiedTable
server: SQL that grows (#6003) Add a backend type extension parameter to some RQL types, following the ideas of the paper "Trees that grow" (Najd & Jones 2016) Co-authored-by: Antoine Leblanc <antoine@hasura.io> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
2020-10-22 23:42:27 +03:00
, FieldInfoMap (FieldInfo 'Postgres)
Split up Hasura.RQL.DDL.Schema.Cache This should hopefully improve compile times by avoiding the need to specialize everything at once.
2019-12-09 01:17:39 +03:00
, [CatalogPermission]
) `arr` Maybe (PermInfo a)
Use fine(er)-grained dependency tracking when building permissions This changes TableCoreCacheT to internally record dependencies at a per-table level. In practice, this dramatically improves the performance of building permissions: it makes it far, far less likely for permissions to be needlessly rebuilt because some unrelated table changed.
2019-12-15 19:07:08 +03:00
buildPermission = Inc.cache proc (tableCache, tableName, tableFields, permissions) -> do
Split up Hasura.RQL.DDL.Schema.Cache This should hopefully improve compile times by avoiding the need to specialize everything at once.
2019-12-09 01:17:39 +03:00
(permissions >- noDuplicates mkPermissionMetadataObject)
>-> (| traverseA (\permission@(CatalogPermission _ roleName _ pDef _) ->
(| withPermission (do
backend only insert permissions (rfc #4120) (#4224) * move user info related code to Hasura.User module * the RFC #4120 implementation; insert permissions with admin secret * revert back to old RoleName based schema maps An attempt made to avoid duplication of schema contexts in types if any role doesn't possess any admin secret specific schema * fix compile errors in haskell test * keep 'user_vars' for session variables in http-logs * no-op refacto * tests for admin only inserts * update docs for admin only inserts * updated CHANGELOG.md * default behaviour when admin secret is not set * fix x-hasura-role to X-Hasura-Role in pytests * introduce effective timeout in actions async tests * update docs for admin-secret not configured case * Update docs/graphql/manual/api-reference/schema-metadata-api/permission.rst Co-Authored-By: Marion Schleifer <marion@hasura.io> * Apply suggestions from code review Co-Authored-By: Marion Schleifer <marion@hasura.io> * a complete iteration backend insert permissions accessable via 'x-hasura-backend-privilege' session variable * console changes for backend-only permissions * provide tooltip id; update labels and tooltips; * requested changes * requested changes - remove className from Toggle component - use appropriate function name (capitalizeFirstChar -> capitalize) * use toggle props from definitelyTyped * fix accidental commit * Revert "introduce effective timeout in actions async tests" This reverts commit b7a59c19d643520cfde6af579889e1038038438a. * generate complete schema for both 'default' and 'backend' sessions * Apply suggestions from code review Co-Authored-By: Marion Schleifer <marion@hasura.io> * remove unnecessary import, export Toggle as is * update session variable in tooltip * 'x-hasura-use-backend-only-permissions' variable to switch * update help texts * update docs * update docs * update console help text * regenerate package-lock * serve no backend schema when backend_only: false and header set to true - Few type name refactor as suggested by @0x777 * update CHANGELOG.md * Update CHANGELOG.md * Update CHANGELOG.md * fix a merge bug where a certain entity didn't get removed Co-authored-by: Marion Schleifer <marion@hasura.io> Co-authored-by: Rishichandra Wawhal <rishi@hasura.io> Co-authored-by: rikinsk <rikin.kachhia@gmail.com> Co-authored-by: Tirumarai Selvan <tiru@hasura.io>
2020-04-24 12:10:53 +03:00
bindErrorA -< when (roleName == adminRoleName) $
Split up Hasura.RQL.DDL.Schema.Cache This should hopefully improve compile times by avoiding the need to specialize everything at once.
2019-12-09 01:17:39 +03:00
throw400 ConstraintViolation "cannot define permission for admin role"
perm <- bindErrorA -< decodeValue pDef
let permDef = PermDef roleName perm Nothing
Use fine(er)-grained dependency tracking when building permissions This changes TableCoreCacheT to internally record dependencies at a per-table level. In practice, this dramatically improves the performance of building permissions: it makes it far, far less likely for permissions to be needlessly rebuilt because some unrelated table changed.
2019-12-15 19:07:08 +03:00
(info, dependencies) <- liftEitherA <<< Inc.bindDepend -< runExceptT $
runTableCoreCacheRT (buildPermInfo tableName tableFields permDef) tableCache
Split up Hasura.RQL.DDL.Schema.Cache This should hopefully improve compile times by avoiding the need to specialize everything at once.
2019-12-09 01:17:39 +03:00
tellA -< Seq.fromList dependencies
returnA -< info)
|) permission) |)
>-> (\info -> join info >- returnA)
Reference in New Issue Copy Permalink