mirror of
https://github.com/hasura/graphql-engine.git
synced 2025-01-07 08:13:18 +03:00
cdac24c79f
What is the `Cacheable` type class about? ```haskell class Eq a => Cacheable a where unchanged :: Accesses -> a -> a -> Bool default unchanged :: (Generic a, GCacheable (Rep a)) => Accesses -> a -> a -> Bool unchanged accesses a b = gunchanged (from a) (from b) accesses ``` Its only method is an alternative to `(==)`. The added value of `unchanged` (and the additional `Accesses` argument) arises _only_ for one type, namely `Dependency`. Indeed, the `Cacheable (Dependency a)` instance is non-trivial, whereas every other `Cacheable` instance is completely boilerplate (and indeed either generated from `Generic`, or simply `unchanged _ = (==)`). The `Cacheable (Dependency a)` instance is the only one where the `Accesses` argument is not just passed onwards. The only callsite of the `unchanged` method is in the `ArrowCache (Rule m)` method. That is to say that the `Cacheable` type class is used to decide when we can re-use parts of the schema cache between Metadata operations. So what is the `Cacheable (Dependency a)` instance about? Normally, the output of a `Rule m a b` is re-used when the new input (of type `a`) is equal to the old one. But sometimes, that's too coarse: it might be that a certain `Rule m a b` only depends on a small part of its input of type `a`. A `Dependency` allows us to spell out what parts of `a` are being depended on, and these parts are recorded as values of types `Access a` in the state `Accesses`. If the input `a` changes, but not in a way that touches the recorded `Accesses`, then the output `b` of that rule can be re-used without recomputing. So now you understand _why_ we're passing `Accesses` to the `unchanged` method: `unchanged` is an equality check in disguise that just needs some additional context. But we don't need to pass `Accesses` as a function argument. We can use the `reflection` package to pass it as type-level context. So the core of this PR is that we change the instance declaration from ```haskell instance (Cacheable a) => Cacheable (Dependency a) where ``` to ```haskell instance (Given Accesses, Eq a) => Eq (Dependency a) where ``` and use `(==)` instead of `unchanged`. If you haven't seen `reflection` before: it's like a `MonadReader`, but it doesn't require a `Monad`. In order to pass the current `Accesses` value, instead of simply passing the `Accesses` as a function argument, we need to instantiate the `Given Accesses` context. We use the `give` method from the `reflection` package for that. ```haskell give :: forall r. Accesses -> (Given Accesses => r) -> r unchanged :: (Given Accesses => Eq a) => Accesses -> a -> a -> Bool unchanged accesses a b = give accesses (a == b) ``` With these three components in place, we can delete the `Cacheable` type class entirely. The remainder of this PR is just to remove the `Cacheable` type class and its instances. PR-URL: https://github.com/hasura/graphql-engine-mono/pull/6877 GitOrigin-RevId: 7125f5e11d856e7672ab810a23d5bf5ad176e77f
114 lines
3.8 KiB
Haskell
114 lines
3.8 KiB
Haskell
{-# LANGUAGE TemplateHaskell #-}
|
|
|
|
module Hasura.RemoteSchema.MetadataAPI.Permission
|
|
( AddRemoteSchemaPermission (..),
|
|
DropRemoteSchemaPermissions (..),
|
|
runDropRemoteSchemaPermissions,
|
|
runAddRemoteSchemaPermissions,
|
|
)
|
|
where
|
|
|
|
import Control.Lens ((^.))
|
|
import Data.Aeson.TH qualified as J
|
|
import Data.HashMap.Strict qualified as Map
|
|
import Data.Text.Extended
|
|
import Hasura.Base.Error
|
|
import Hasura.EncJSON
|
|
import Hasura.GraphQL.Schema.Options qualified as Options
|
|
import Hasura.Prelude
|
|
import Hasura.RQL.Types.Common
|
|
import Hasura.RQL.Types.Metadata
|
|
import Hasura.RQL.Types.Metadata.Object
|
|
import Hasura.RQL.Types.SchemaCache
|
|
import Hasura.RQL.Types.SchemaCache.Build
|
|
import Hasura.RemoteSchema.Metadata
|
|
import Hasura.RemoteSchema.SchemaCache.Permission
|
|
import Hasura.Server.Types
|
|
import Hasura.Session
|
|
|
|
data AddRemoteSchemaPermission = AddRemoteSchemaPermission
|
|
{ _arspRemoteSchema :: RemoteSchemaName,
|
|
_arspRole :: RoleName,
|
|
_arspDefinition :: RemoteSchemaPermissionDefinition,
|
|
_arspComment :: Maybe Text
|
|
}
|
|
deriving (Show, Eq, Generic)
|
|
|
|
instance NFData AddRemoteSchemaPermission
|
|
|
|
$(J.deriveJSON hasuraJSON ''AddRemoteSchemaPermission)
|
|
|
|
data DropRemoteSchemaPermissions = DropRemoteSchemaPermissions
|
|
{ _drspRemoteSchema :: RemoteSchemaName,
|
|
_drspRole :: RoleName
|
|
}
|
|
deriving (Show, Eq, Generic)
|
|
|
|
instance NFData DropRemoteSchemaPermissions
|
|
|
|
$(J.deriveJSON hasuraJSON ''DropRemoteSchemaPermissions)
|
|
|
|
runAddRemoteSchemaPermissions ::
|
|
( QErrM m,
|
|
CacheRWM m,
|
|
HasServerConfigCtx m,
|
|
MetadataM m
|
|
) =>
|
|
AddRemoteSchemaPermission ->
|
|
m EncJSON
|
|
runAddRemoteSchemaPermissions q = do
|
|
metadata <- getMetadata
|
|
remoteSchemaPermsCtx <- _sccRemoteSchemaPermsCtx <$> askServerConfigCtx
|
|
unless (remoteSchemaPermsCtx == Options.EnableRemoteSchemaPermissions) $ do
|
|
throw400 ConstraintViolation $
|
|
"remote schema permissions can only be added when "
|
|
<> "remote schema permissions are enabled in the graphql-engine"
|
|
remoteSchemaMap <- scRemoteSchemas <$> askSchemaCache
|
|
remoteSchemaCtx <-
|
|
onNothing (Map.lookup name remoteSchemaMap) $
|
|
throw400 NotExists $
|
|
"remote schema " <> name <<> " doesn't exist"
|
|
when (doesRemoteSchemaPermissionExist metadata name role) $
|
|
throw400 AlreadyExists $
|
|
"permissions for role: "
|
|
<> role <<> " for remote schema:"
|
|
<> name <<> " already exists"
|
|
void $ resolveRoleBasedRemoteSchema role name (_rscIntroOriginal remoteSchemaCtx) providedSchemaDoc
|
|
buildSchemaCacheFor (MORemoteSchemaPermissions name role) $
|
|
MetadataModifier $
|
|
metaRemoteSchemas . ix name . rsmPermissions %~ (:) remoteSchemaPermMeta
|
|
pure successMsg
|
|
where
|
|
AddRemoteSchemaPermission name role defn comment = q
|
|
|
|
remoteSchemaPermMeta = RemoteSchemaPermissionMetadata role defn comment
|
|
|
|
providedSchemaDoc = _rspdSchema defn
|
|
|
|
doesRemoteSchemaPermissionExist :: Metadata -> RemoteSchemaName -> RoleName -> Bool
|
|
doesRemoteSchemaPermissionExist metadata remoteSchemaName roleName =
|
|
any ((== roleName) . _rspmRole) $ metadata ^. (metaRemoteSchemas . ix remoteSchemaName . rsmPermissions)
|
|
|
|
runDropRemoteSchemaPermissions ::
|
|
( QErrM m,
|
|
CacheRWM m,
|
|
MetadataM m
|
|
) =>
|
|
DropRemoteSchemaPermissions ->
|
|
m EncJSON
|
|
runDropRemoteSchemaPermissions (DropRemoteSchemaPermissions name roleName) = do
|
|
metadata <- getMetadata
|
|
remoteSchemaMap <- scRemoteSchemas <$> askSchemaCache
|
|
void $
|
|
onNothing (Map.lookup name remoteSchemaMap) $
|
|
throw400 NotExists $
|
|
"remote schema " <> name <<> " doesn't exist"
|
|
unless (doesRemoteSchemaPermissionExist metadata name roleName) $
|
|
throw400 NotExists $
|
|
"permissions for role: "
|
|
<> roleName <<> " for remote schema:"
|
|
<> name <<> " doesn't exist"
|
|
buildSchemaCacheFor (MORemoteSchemaPermissions name roleName) $
|
|
dropRemoteSchemaPermissionInMetadata name roleName
|
|
pure successMsg
|