Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added SECURITY DEFINER to sql #1857

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Added SECURITY DEFINER to sql #1857

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion IHP/IDE/SchemaDesigner/Compiler.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ compileStatement RenameColumn { tableName, from, to } = "ALTER TABLE " <> compil
compileStatement DropTable { tableName } = "DROP TABLE " <> compileIdentifier tableName <> ";"
compileStatement Comment { content } = "--" <> content
compileStatement CreateIndex { indexName, unique, tableName, columns, whereClause, indexType } = "CREATE" <> (if unique then " UNIQUE " else " ") <> "INDEX " <> compileIdentifier indexName <> " ON " <> compileIdentifier tableName <> (maybe "" (\indexType -> " USING " <> compileIndexType indexType) indexType) <> " (" <> (intercalate ", " (map compileIndexColumn columns)) <> ")" <> (case whereClause of Just expression -> " WHERE " <> compileExpression expression; Nothing -> "") <> ";"
compileStatement CreateFunction { functionName, functionArguments, functionBody, orReplace, returns, language } = "CREATE " <> (if orReplace then "OR REPLACE " else "") <> "FUNCTION " <> functionName <> "(" <> (functionArguments |> map (\(argName, argType) -> argName ++ " " ++ compilePostgresType argType) |> intercalate ", ") <> ")" <> " RETURNS " <> compilePostgresType returns <> " AS $$" <> functionBody <> "$$ language " <> language <> ";"
compileStatement CreateFunction { functionName, functionArguments, functionBody, orReplace, returns, language, securityDefiner } = "CREATE " <> (if orReplace then "OR REPLACE " else "") <> "FUNCTION " <> functionName <> "(" <> (functionArguments |> map (\(argName, argType) -> argName ++ " " ++ compilePostgresType argType) |> intercalate ", ") <> ")" <> " RETURNS " <> compilePostgresType returns <> compileSecurityDefiner securityDefiner <> " AS $$" <> functionBody <> "$$ language " <> language <> ";"
compileStatement EnableRowLevelSecurity { tableName } = "ALTER TABLE " <> compileIdentifier tableName <> " ENABLE ROW LEVEL SECURITY;"
compileStatement CreatePolicy { name, action, tableName, using, check } = "CREATE POLICY " <> compileIdentifier name <> " ON " <> compileIdentifier tableName <> maybe "" (\action -> " FOR " <> compilePolicyAction action) action <> maybe "" (\expr -> " USING (" <> compileExpression expr <> ")") using <> maybe "" (\expr -> " WITH CHECK (" <> compileExpression expr <> ")") check <> ";"
compileStatement CreateSequence { name } = "CREATE SEQUENCE " <> compileIdentifier name <> ";"
Expand Down Expand Up @@ -500,3 +500,7 @@ compileIndexColumnOrder Asc = "ASC"
compileIndexColumnOrder Desc = "DESC"
compileIndexColumnOrder NullsFirst = "NULLS FIRST"
compileIndexColumnOrder NullsLast = "NULLS LAST"

compileSecurityDefiner :: Bool -> Text
compileSecurityDefiner True = " SECURITY DEFINER"
compileSecurityDefiner False = ""
9 changes: 7 additions & 2 deletions IHP/IDE/SchemaDesigner/Parser.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -604,8 +604,13 @@ createFunction = do
lexeme "language" <|> lexeme "LANGUAGE"
symbol' "plpgsql" <|> symbol' "SQL"

securityDefiner <- isJust <$> optional do
lexeme "SECURITY"
lexeme "DEFINER"
pure True

lexeme "AS"
space
-- space
functionBody <- cs <$> between (char '$' >> char '$') (char '$' >> char '$') (many (anySingleBut '$'))
space

Expand All @@ -615,7 +620,7 @@ createFunction = do
lexeme "language" <|> lexeme "LANGUAGE"
symbol' "plpgsql" <|> symbol' "SQL"
char ';'
pure CreateFunction { functionName, functionArguments, functionBody, orReplace, returns, language }
pure CreateFunction { functionName, functionArguments, functionBody, orReplace, returns, language, securityDefiner }
where
functionArgument = do
argumentName <- qualifiedIdentifier
Expand Down
1 change: 1 addition & 0 deletions IHP/IDE/SchemaDesigner/SchemaOperations.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -525,6 +525,7 @@ addUpdatedAtTrigger tableName schema =
, orReplace = False
, returns = PTrigger
, language = "plpgsql"
, securityDefiner = False
}

deleteTriggerIfExists :: Text -> [Statement] -> [Statement]
Expand Down
2 changes: 1 addition & 1 deletion IHP/IDE/SchemaDesigner/Types.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ data Statement
-- | DROP INDEX indexName;
| DropIndex { indexName :: Text }
-- | CREATE OR REPLACE FUNCTION functionName(param1 TEXT, param2 INT) RETURNS TRIGGER AS $$functionBody$$ language plpgsql;
| CreateFunction { functionName :: Text, functionArguments :: [(Text, PostgresType)], functionBody :: Text, orReplace :: Bool, returns :: PostgresType, language :: Text }
| CreateFunction { functionName :: Text, functionArguments :: [(Text, PostgresType)], functionBody :: Text, orReplace :: Bool, returns :: PostgresType, language :: Text, securityDefiner :: Bool }
-- | ALTER TABLE tableName ENABLE ROW LEVEL SECURITY;
| EnableRowLevelSecurity { tableName :: Text }
-- CREATE POLICY name ON tableName USING using WITH CHECK check;
Expand Down
1 change: 1 addition & 0 deletions Test/IDE/CodeGeneration/MigrationGenerator.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1314,6 +1314,7 @@ CREATE POLICY "Users can read and edit their own record" ON public.users USING (
, orReplace = False
, returns = PTrigger
, language = "PLPGSQL"
, securityDefiner = False
}]

it "should delete the updated_at trigger when the updated_at column is deleted" do
Expand Down
17 changes: 17 additions & 0 deletions Test/IDE/SchemaDesigner/CompilerSpec.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -749,6 +749,7 @@ tests = do
, orReplace = True
, returns = PTrigger
, language = "plpgsql"
, securityDefiner = False
}

compileSql [statement] `shouldBe` sql
Expand All @@ -762,6 +763,7 @@ tests = do
, orReplace = False
, returns = PTrigger
, language = "plpgsql"
, securityDefiner = False
}

compileSql [statement] `shouldBe` sql
Expand All @@ -775,6 +777,21 @@ tests = do
, orReplace = False
, returns = PTrigger
, language = "plpgsql"
, securityDefiner = False
}

compileSql [statement] `shouldBe` sql

it "should compile a CREATE FUNCTION with SECURITY DEFINER" do
let sql = cs [plain|CREATE FUNCTION create_membership_for_new_organisation() RETURNS TRIGGER SECURITY DEFINER AS $$ BEGIN INSERT INTO organisation_memberships (user_id, organisation_id) VALUES (ihp_user_id(), NEW.id); RETURN NEW; END; $$ language plpgsql;\n|]
let statement = CreateFunction
{ functionName = "create_membership_for_new_organisation"
, functionArguments = []
, functionBody = " BEGIN INSERT INTO organisation_memberships (user_id, organisation_id) VALUES (ihp_user_id(), NEW.id); RETURN NEW; END; "
, orReplace = False
, returns = PTrigger
, language = "plpgsql"
, securityDefiner = True
}

compileSql [statement] `shouldBe` sql
Expand Down
16 changes: 16 additions & 0 deletions Test/IDE/SchemaDesigner/ParserSpec.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -762,6 +762,7 @@ tests = do
, orReplace = True
, returns = PTrigger
, language = "plpgsql"
, securityDefiner = False
}

it "should parse a CREATE FUNCTION ..() RETURNS TRIGGER .." do
Expand All @@ -772,6 +773,7 @@ tests = do
, orReplace = False
, returns = PTrigger
, language = "plpgsql"
, securityDefiner = False
}

it "should parse a CREATE FUNCTION with parameters ..() RETURNS TRIGGER .." do
Expand All @@ -782,8 +784,21 @@ tests = do
, orReplace = False
, returns = PTrigger
, language = "plpgsql"
, securityDefiner = False
}

it "should parse a CREATE FUNCTION with SECURITY DEFINER" do
parseSql "CREATE FUNCTION create_membership_for_new_organisation() RETURNS TRIGGER LANGUAGE plpgsql SECURITY DEFINER AS $$ BEGIN INSERT INTO organisation_memberships (user_id, organisation_id) VALUES (ihp_user_id(), NEW.id); RETURN NEW; END; $$ language plpgsql;" `shouldBe` CreateFunction
{ functionName = "create_membership_for_new_organisation"
, functionArguments = []
, functionBody = " BEGIN INSERT INTO organisation_memberships (user_id, organisation_id) VALUES (ihp_user_id(), NEW.id); RETURN NEW; END; "
, orReplace = False
, returns = PTrigger
, language = "plpgsql"
, securityDefiner = True
}


it "should parse CREATE FUNCTION statements that are outputted by pg_dump" do
let sql = cs [plain|
CREATE FUNCTION public.notify_did_change_projects() RETURNS trigger
Expand All @@ -800,6 +815,7 @@ $$;
, orReplace = False
, returns = PTrigger
, language = "plpgsql"
, securityDefiner = False
}

it "should parse a decimal default value with a type-cast" do
Expand Down
2 changes: 2 additions & 0 deletions Test/IDE/SchemaDesigner/SchemaOperationsSpec.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -247,6 +247,7 @@ tests = do
, orReplace = False
, returns = PTrigger
, language = "plpgsql"
, securityDefiner = False
}
let trigger = CreateTrigger
{ name = "update_a_updated_at"
Expand Down Expand Up @@ -396,6 +397,7 @@ tests = do
, orReplace = False
, returns = PTrigger
, language = "plpgsql"
, securityDefiner = False
}
let trigger = CreateTrigger
{ name = "update_a_updated_at"
Expand Down
Loading