Commit Graph

84 Commits

Author SHA1 Message Date
Karthikeyan Chinnakonda
92026b769f [Preview] Inherited roles for postgres read queries
fixes #3868

docker image - `hasura/graphql-engine:inherited-roles-preview-48b73a2de`

Note:

To be able to use the inherited roles feature, the graphql-engine should be started with the env variable `HASURA_GRAPHQL_EXPERIMENTAL_FEATURES` set to `inherited_roles`.

Introduction
------------

This PR implements the idea of multiple roles as presented in this [paper](https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/FGALanguageICDE07.pdf). The multiple roles feature in this PR can be used via inherited roles. An inherited role is a role which can be created by combining multiple singular roles. For example, if there are two roles `author` and `editor` configured in the graphql-engine, then we can create a inherited role with the name of `combined_author_editor` role which will combine the select permissions of the `author` and `editor` roles and then make GraphQL queries using the `combined_author_editor`.

How are select permissions of different roles are combined?
------------------------------------------------------------

A select permission includes 5 things:

1. Columns accessible to the role
2. Row selection filter
3. Limit
4. Allow aggregation
5. Scalar computed fields accessible to the role

 Suppose there are two roles, `role1` gives access to the `address` column with row filter `P1` and `role2` gives access to both the `address` and the `phone` column with row filter `P2` and we create a new role `combined_roles` which combines `role1` and `role2`.

Let's say the following GraphQL query is queried with the `combined_roles` role.

```graphql
query {
   employees {
     address
     phone
   }
}
```

This will translate to the following SQL query:

```sql

 select
    (case when (P1 or P2) then address else null end) as address,
    (case when P2 then phone else null end) as phone
 from employee
 where (P1 or P2)
```

The other parameters of the select permission will be combined in the following manner:

1. Limit - Minimum of the limits will be the limit of the inherited role
2. Allow aggregations - If any of the role allows aggregation, then the inherited role will allow aggregation
3. Scalar computed fields - same as table column fields, as in the above example

APIs for inherited roles:
----------------------

1. `add_inherited_role`

`add_inherited_role` is the [metadata API](https://hasura.io/docs/1.0/graphql/core/api-reference/index.html#schema-metadata-api) to create a new inherited role. It accepts two arguments

`role_name`: the name of the inherited role to be added (String)
`role_set`: list of roles that need to be combined (Array of Strings)

Example:

```json
{
  "type": "add_inherited_role",
  "args": {
      "role_name":"combined_user",
      "role_set":[
          "user",
          "user1"
      ]
  }
}
```

After adding the inherited role, the inherited role can be used like single roles like earlier

Note:

An inherited role can only be created with non-inherited/singular roles.

2. `drop_inherited_role`

The `drop_inherited_role` API accepts the name of the inherited role and drops it from the metadata. It accepts a single argument:

`role_name`: name of the inherited role to be dropped

Example:

```json

{
  "type": "drop_inherited_role",
  "args": {
      "role_name":"combined_user"
  }
}
```

Metadata
---------

The derived roles metadata will be included under the `experimental_features` key while exporting the metadata.

```json
{
  "experimental_features": {
    "derived_roles": [
      {
        "role_name": "manager_is_employee_too",
        "role_set": [
          "employee",
          "manager"
        ]
      }
    ]
  }
}
```

Scope
------

Only postgres queries and subscriptions are supported in this PR.

Important points:
-----------------

1. All columns exposed to an inherited role will be marked as `nullable`, this is done so that cell value nullification can be done.

TODOs
-------

- [ ] Tests
   - [ ] Test a GraphQL query running with a inherited role without enabling inherited roles in experimental features
   - [] Tests for aggregate queries, limit, computed fields, functions, subscriptions (?)
   - [ ] Introspection test with a inherited role (nullability changes in a inherited role)
- [ ] Docs
- [ ] Changelog

Co-authored-by: Vamshi Surabhi <6562944+0x777@users.noreply.github.com>
GitOrigin-RevId: 3b8ee1e11f5ceca80fe294f8c074d42fbccfec63
2021-03-08 11:15:10 +00:00
Vladimir Ciobanu
281cb771ff server: add MSSQL support
Co-authored-by: Rakesh Emmadi <12475069+rakeshkky@users.noreply.github.com>
Co-authored-by: Antoine Leblanc <1618949+nicuveo@users.noreply.github.com>
Co-authored-by: Vamshi Surabhi <6562944+0x777@users.noreply.github.com>
Co-authored-by: Aravind K P <8335904+scriptonist@users.noreply.github.com>
GitOrigin-RevId: 699c453b9692e1b822f393f23ff5e6db4e010d57
2021-02-23 17:38:36 +00:00
Rakesh Emmadi
9ef603360c server: generalize schema cache building (#496)
Co-authored-by: Vamshi Surabhi <vamshi@hasura.io>
Co-authored-by: Vladimir Ciobanu <admin@cvlad.info>
Co-authored-by: Antoine Leblanc <antoine@hasura.io>
Co-authored-by: Stylish Haskell Bot <stylish-haskell@users.noreply.github.com>
GitOrigin-RevId: 9d631878037637f3ed2994b5d0525efd978f7b8f
2021-02-14 06:08:46 +00:00
Matthew Pickering
35b81f39e9 Memory performance improvements from Cherre (#518)
* Stop shutdown handler retaining the whole serveCtx

This might look like quite a strange way to write the function but it's
the only way I could get GHC to not capture `serveCtx` in the shutdown
handler.

Fixes the metadata issue in #344

* Force argumentNames

The arguments list is often empty so we end up with a lot of duplicate
thunks if this value is not forced.

* Increase sharing in nullableType and nonNullableType

The previous definitions would lead to increased allocation as it would
destory any previously created sharing. The new definition only allocate
a fresh constructor if the value is changed.

* Add memoization for field parsers

It was observed in #344 that many parsers were not being memoised which
led to an increase in memory usage. This patch generalisation memoisation so
that it works for FieldParsers as well as normal Parsers.

There can still be substantial improvement made by also memoising
InputFieldParsers but that is left for future work.

Co-authored-by: Antoine Leblanc <antoine@hasura.io>

* [automated] stylish-haskell commit

* changelog

Co-authored-by: Phil Freeman <paf31@cantab.net>
Co-authored-by: Antoine Leblanc <antoine@hasura.io>
Co-authored-by: Stylish Haskell Bot <stylish-haskell@users.noreply.github.com>
Co-authored-by: Phil Freeman <phil@hasura.io>
GitOrigin-RevId: 36255f77a47cf283ea61df9d6a4f9138d4e5834c
2021-02-12 01:34:56 +00:00
Antoine Leblanc
9b38863c73 server: change RootField so that only the DB component is existential
GitOrigin-RevId: ff620b775ea9b1c8433255705254ed9d58eba290
2021-02-09 19:30:08 +00:00
Antoine Leblanc
7760ed2d98 server: generalize top-level build functions
GitOrigin-RevId: 5ace65f702b411bf75c84e949742c7d657382fab
2021-02-09 12:48:22 +00:00
Vladimir Ciobanu
6b7b68504a server: improve the UX around SourceInfo
GitOrigin-RevId: 47f7e9b7daa3f89771dd3883e9f6050274827e27
2021-02-08 16:31:17 +00:00
Antoine Leblanc
e449cf9990 server: finish generalizing mutations
GitOrigin-RevId: 645eefadee35f1642eee805e20161417ab38b949
2021-02-08 10:40:51 +00:00
Antoine Leblanc
83701fb63e server: changes to support other backends
GitOrigin-RevId: ec0ad47957ab6f9a0855623fffedb23924e7c75d
2021-02-03 16:25:17 +00:00
Karthikeyan Chinnakonda
312e56dfa6 server: support tracking of custom functions which return single row
GitOrigin-RevId: fbf99816a70e666bb9b02fca92a0ee7d419cdff8
2021-02-03 14:07:30 +00:00
Karthikeyan Chinnakonda
10a3f9960d server: new function permissions layer
Co-authored-by: Rikin Kachhia <54616969+rikinsk@users.noreply.github.com>
Co-authored-by: Rakesh Emmadi <12475069+rakeshkky@users.noreply.github.com>
GitOrigin-RevId: 35645121242294cb6bb500ea598e9a1f2ca67fa1
2021-01-29 05:49:09 +00:00
Antoine Leblanc
6494229f54 server: generalize functions (#393)
Co-authored-by: Vamshi Surabhi <0x777@users.noreply.github.com>
GitOrigin-RevId: 5d2140152a2a18601c785ea80a7689cbe3bd277e
2021-01-25 10:13:54 +00:00
Antoine Leblanc
4815fcd500 server: progress on generic metadata
This PR generalizes a bunch of metadata structures.

Most importantly, it changes `SourceCache` to hold existentially quantified values:
```
data BackendSourceInfo =
  forall b. Backend b => BackendSourceInfo (SourceInfo b)

type SourceCache = HashMap SourceName BackendSourceInfo
```

This changes a *lot* of things throughout the code. For now, all code using the schema cache explicitly casts sources to Postgres, meaning that if any non-Postgres `SourceInfo` makes it to the cache, it'll be ignored.

That means that after this PR is submitted, we can split work between two different aspects:
  - creating `SourceInfo` for other backends
  - handling those other sources down the line

GitOrigin-RevId: fb9ea00f32e840fc33c5467896fb1dfa5283ab42
2021-01-20 00:32:45 +00:00
hasura-bot
98ccd81704 Server: Remote relationships permissions
GITHUB_PR_NUMBER: 6125
GITHUB_PR_URL: https://github.com/hasura/graphql-engine/pull/6125

Co-authored-by: Karthikeyan Chinnakonda <15602904+codingkarthik@users.noreply.github.com>
GitOrigin-RevId: 53d0671e6335dad1af7cb00e3e05e7021a910673
2021-01-19 20:57:58 +00:00
Antoine Leblanc
e754190301 server: clean MaybeT usage, and introduce new hlint rules
### Description

Our Prelude provides the very convenient `hoistMaybe :: Maybe b -> MaybeT m b`. This PR adds hlint rules to replace uses of `MaybeT $ pure $ x` with the cleaner `hoistMaybe x`, and rules to specifically replace `MaybeT $ pure Nothing` with `empty`.

GitOrigin-RevId: 7254f4954e34e4d7ca972dc7c12073d3ab8cb0b8
2021-01-19 13:38:42 +00:00
Vladimir Ciobanu
6e752a7876 server: add type information to aggregates and stringify them (closes #5704)
Fixes https://github.com/hasura/graphql-engine/issues/5704 by checking, for aggregate fields whether we are handling a numeric aggregation.

This PR also adds type information to `ColFld` such that we know the type of the field.

This is the second attempt. See #319 for a less invasive approach. @nicuveo suggested type information might be useful, and since it wasn't hard to add, I think this version is better as well.

GitOrigin-RevId: aa6a259fd5debe9466df6302839ddbbd0ea659b5
2021-01-18 13:52:51 +00:00
hasura-bot
513a3d0c19 Fix action relationship type and input arguments (closes #6402) (#284)
Co-authored-by: Antoine Leblanc <antoine@hasura.io>
GITHUB_PR_NUMBER: 6417
GITHUB_PR_URL: https://github.com/hasura/graphql-engine/pull/6417
GitOrigin-RevId: 37b67a4d04e0ed3b16fc5fc9bf025b24b1f1bf6e
2021-01-18 06:57:24 +00:00
Karthikeyan Chinnakonda
7b83018c39 Server: fix issue of not being able to track tables with non-compliant GraphQL names (#313)
* server: use only the valid tables in the node parser

* add test

GitOrigin-RevId: 90edf001220c7d78eaab86ff565ee4311844b5d3
2021-01-12 08:13:58 +00:00
Antoine Leblanc
0d194724ee server: generalize update schema
### Description

This PR updates the graphql schema to be backend-agnostic. To do so, it also moves the definition of operators to `BackendSchema`, to be specified differently per backend.

GitOrigin-RevId: 35b9d2d1bff93fb68b872d6ab0d3d12ec12c1b93
2021-01-08 19:46:34 +00:00
Karthikeyan Chinnakonda
8a7e749a69 server: fix issue when a non-nullable remote schema field was added as nullable (#279)
GitOrigin-RevId: cf6df889d93bc2e4da47e4fbc6c112be99de977a
2021-01-05 14:47:52 +00:00
Rakesh Emmadi
29f2ddc289 server: support separate metadata database and server code setup for multi sources (#197)
This is an incremental PR towards https://github.com/hasura/graphql-engine/pull/5797

Co-authored-by: Anon Ray <ecthiender@users.noreply.github.com>
GitOrigin-RevId: a6cb8c239b2ff840a0095e78845f682af0e588a9
2020-12-28 12:56:55 +00:00
Karthikeyan Chinnakonda
39a4352569 Merge pull request #113 from hasura/karthikeyan/remote-schema-permissions
server: remote schema permissions
GitOrigin-RevId: 63b9717e30351676c9474bdfddd3ad1ee1409eea
2020-12-21 09:12:35 +00:00
Rakesh Emmadi
a153e96309 server: expand metadata storage class with async actions and core metadata operations (#184)
An incremental PR towards https://github.com/hasura/graphql-engine/pull/5797
- Expands `MonadMetadataStorage` with operations related to async actions and setting/updating metadata

GitOrigin-RevId: 53386b7b2d007e162050b826d0708897f0b4c8f6
2020-12-14 04:31:20 +00:00
Antoine Leblanc
390585e6a2 Generalize Delete schema. (#193)
GitOrigin-RevId: ba01d7b5d1fa7c343daea7049b07e4cd25ed4a65
2020-12-10 16:59:43 +00:00
hasura-bot
115f2cb621 server: don't memoize backend scalar type reps through WithScalarType (#136)
Co-authored-by: Auke Booij <auke@hasura.io>
GITHUB_PR_NUMBER: 6281
GITHUB_PR_URL: https://github.com/hasura/graphql-engine/pull/6281
GitOrigin-RevId: b7ab3352af21175f0065f1bc2304a1232f6a5580
2020-12-03 12:22:24 +00:00
Antoine Leblanc
3537e2acdc server: fix primary key mutations issue (closes #6255) (#129)
* Add update_by_pk test with more interesting permissions.

* Add new delete test with more interesting permissions.

* Fix byPk operations not providing all columns.

* Empty commit to unlock ci.

GitOrigin-RevId: eb1ca2cc4c59f421bc5fedf49bef91aa4bbdca94
2020-12-02 14:13:00 +00:00
Auke Booij
3c3ed55914 server: schema that grows (#105)
This PR makes a bunch of schema generation code in Hasura.GraphQL.Schema backend-agnostic, by moving the backend-specific parts into a new BackendSchema type class. This way, the schema generation code can be reused for other backends, simply by implementing new instances of the BackendSchema type class.

This work is now in a state where the schema generators are sufficiently generic to accept the implementation of a new backend. That means that we can start exposing MS SQL schema. Execution is not implemented yet, of course.
The branch currently does not support computed fields or Relay. This is, in a sense, intentional: computed field support is normally baked into the schema generation (through the fieldSelection schema generator), and so this branch shows a programming technique that allows us to expose certain GraphQL schema depending on backend support. We can write support for computed fields and Relay at a later stage.

Co-authored-by: Antoine Leblanc <antoine@hasura.io>
GitOrigin-RevId: df369fc3d189cbda1b931d31678e9450a6601314
2020-12-01 15:51:13 +00:00
hasura-bot
7b31ff99d1 Support Postgres POSIX regex operators (close #4317) (#119)
Co-authored-by: christophediprima <dipdipdip84@gmail.com>
Co-authored-by: dip <dipdipdip84@gmail.com>
Co-authored-by: Auke Booij <auke@hasura.io>
Co-authored-by: Antoine Leblanc <antoine@hasura.io>
GITHUB_PR_NUMBER: 6172
GITHUB_PR_URL: https://github.com/hasura/graphql-engine/pull/6172
GitOrigin-RevId: 5192d238b527cd21b6efb2f74e279ecc34756c29
2020-11-27 10:54:52 +00:00
Auke Booij
350d6b3d43 server: make the UnpreparedValue less tightly bound to the backend (#108)
Co-authored-by: Antoine Leblanc <antoine@hasura.io>
GitOrigin-RevId: 90cb7e1cc97961523085ae7ae3d195549b901b1f
2020-11-25 16:08:27 +00:00
hasura-bot
64743cb189 server: all remaining IR changes (#75)
Co-authored-by: Antoine Leblanc <antoine@hasura.io>
GITHUB_PR_NUMBER: 6233
GITHUB_PR_URL: https://github.com/hasura/graphql-engine/pull/6233

Co-authored-by: Antoine Leblanc <antoine@hasura.io>
Co-authored-by: Auke Booij <auke@hasura.io>
GitOrigin-RevId: 268cdad529ad5d9bebeb5b881fda5413ea9d7715
2020-11-25 14:19:50 +00:00
Vishnu Bharathi P
58c44f55dd Merge oss/master onto mono/main
GitOrigin-RevId: 1c8c4d60e033c8a0bc8b2beed24c5bceb7d4bcc8
2020-11-12 22:37:19 +05:30
Vishnu Bharathi P
666058ab7f oss: renames dot files and folders
GitOrigin-RevId: 540aeec3be091e1cfb7b05a988f50445534ed663
2020-11-12 22:37:19 +05:30
Antoine Leblanc
70303a5a68
server: post-pdv Insert IR cleanup (#6162)
https://github.com/hasura/graphql-engine/pull/6162
2020-11-11 17:06:38 +00:00
Antoine Leblanc
fd5f64e1ed
server: remove postgres-specific code from OrderBy IR (#6150)
https://github.com/hasura/graphql-engine/pull/6150
2020-11-10 17:04:50 +00:00
Antoine Leblanc
d769a7536e
server: remove postgres-specific code in Insert IR (#6149)
https://github.com/hasura/graphql-engine/pull/6149
2020-11-10 11:04:31 +00:00
Antoine Leblanc
7960cd1c87
server: generalize table name IR (#6127)
https://github.com/hasura/graphql-engine/pull/6127
2020-11-10 07:50:26 +00:00
Antoine Leblanc
39843e48f2
server: split RQL.Types.DML (#6101)
https://github.com/hasura/graphql-engine/pull/6101
2020-11-09 10:03:38 +00:00
Antoine Leblanc
faf321ce17
server: generalize SQLExp in RQL.IR (#6091)
https://github.com/hasura/graphql-engine/pull/6091
2020-11-04 10:50:56 +00:00
Antoine Leblanc
88bd2ed022
server: generalize BoolExp (#6082)
https://github.com/hasura/graphql-engine/pull/6082
2020-11-02 11:50:40 +00:00
Antoine Leblanc
61c990f177
server: split RQL.DML into four different parts (#6072)
* WIP: shuffle everything around

* remove all unused imports & unused top-level binds

* move types to IR subfolder

* revert unrelated changes to Query and Prepare

* reduce differences in remote join, deprecate Translate module

* clean mutation module

* cosmetic: code formatting

* moved some RQL-specific stuff out of IR

* fix misc compilation issues

Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
2020-10-29 16:58:13 +00:00
Karthikeyan Chinnakonda
2cb08a89cb
server: customize tracking tables with a custom name (#5719)
https://github.com/hasura/graphql-engine/pull/5719
2020-10-29 12:48:45 +00:00
Karthikeyan Chinnakonda
562b6ac43a
Server: support remote relationships to unions, interfaces and enum types (#6080)
* add support for joining to remote interface and union fields

* add test for making a remote relationship with an Union type

* add CHANGELOG

* remove the pretty-simple library

* remove unused imports from Remote.hs

* Apply suggestions from code review

Co-authored-by: Brandon Simmons <brandon.m.simmons@gmail.com>

* support remote relationships against enum fields as well

* update CHANGELOG

Co-authored-by: Brandon Simmons <brandon.m.simmons@gmail.com>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
2020-10-29 17:00:19 +05:30
Antoine Leblanc
8b577adfae
move NonEmptyText out of RQL.Types.Common (#6086) 2020-10-29 00:04:21 +00:00
Auke Booij
0540b279db
server: make more use of hlint (#6059)
https://github.com/hasura/graphql-engine/pull/6059
2020-10-28 16:40:33 +00:00
Antoine Leblanc
a8ed6a82e2
server: move Hasura.SQL to Hasura.Backends.Postgres (#6053)
https://github.com/hasura/graphql-engine/pull/6053
2020-10-27 13:53:49 +00:00
Auke Booij
8d0afb6f92
server: SQL that grows (#6003)
Add a backend type extension parameter to some RQL types, following the ideas of the paper "Trees that grow" (Najd & Jones 2016)

Co-authored-by: Antoine Leblanc <antoine@hasura.io>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
2020-10-22 22:42:27 +02:00
Antoine Leblanc
91d8a7ab61 remove SQL.Text, clean text functions 2020-10-22 14:07:48 +01:00
Antoine Leblanc
d9d2728a32 removed unused imports, remove warnings 2020-10-22 14:07:48 +01:00
Antoine Leblanc
f46f807942 clean SQL text functions 2020-10-22 14:07:47 +01:00
Karthikeyan Chinnakonda
3ea611f9fd
Server: Validate remote schema queries (#5938)
* [skip ci] use the args while making the fieldParser

* modify the execution part of the remote queries

* parse union queries deeply

* add test for remote schema field validation

* add tests for validating remote query arguments


Co-authored-by: Auke Booij <auke@hasura.io>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
2020-10-13 14:03:11 +05:30