Fix documentation for DB relationships

2019-12-10 00:03:44 -05:00
parent 2d3e3cbae1
commit 66055516d2
10 changed files with 3427 additions and 3154 deletions
--- a/serv/config.go
+++ b/serv/config.go
@ -78,9 +78,10 @@ type config struct {

 	Tables []configTable

-	RolesQuery string `mapstructure:"roles_query"`
-	Roles      []configRole
-	roles      map[string]*configRole
+	RolesQuery  string `mapstructure:"roles_query"`
+	Roles       []configRole
+	roles       map[string]*configRole
+	abacEnabled bool
 }

 type configColumn struct {
@ -257,6 +258,21 @@ func (c *config) Init(vi *viper.Viper) error {
 		c.AuthFailBlock = true
 	}

+	if len(c.RolesQuery) == 0 {
+		c.abacEnabled = false
+	} else {
+		switch len(c.Roles) {
+		case 0, 1:
+			c.abacEnabled = false
+		case 2:
+			_, ok1 := c.roles["anon"]
+			_, ok2 := c.roles["user"]
+			c.abacEnabled = !(ok1 && ok2)
+		default:
+			c.abacEnabled = true
+		}
+	}
+
 	c.validate()

 	return nil
@ -305,21 +321,8 @@ func (c *config) getAliasMap() map[string][]string {
 	return m
 }

-func (c *config) isABCLEnabled() bool {
-	if len(c.RolesQuery) == 0 {
-		return false
-	}
-
-	switch len(c.Roles) {
-	case 0, 1:
-		return false
-	case 2:
-		_, ok1 := c.roles["anon"]
-		_, ok2 := c.roles["user"]
-		return !(ok1 && ok2)
-	}
-
-	return true
+func (c *config) isABACEnabled() bool {
+	return c.abacEnabled
 }

 func (c *config) isAnonRoleDefined() bool {
--- a/serv/core.go
+++ b/serv/core.go
@ -75,9 +75,8 @@ func (c *coreContext) resolvePreparedSQL() ([]byte, *stmt, error) {

 	qt := qcode.GetQType(c.req.Query)
 	mutation := (qt == qcode.QTMutation)
-	anonQuery := (qt == qcode.QTQuery && c.req.role == "anon")

-	useRoleQuery := conf.isABCLEnabled() && mutation
+	useRoleQuery := conf.isABACEnabled() && mutation
 	useTx := useRoleQuery || conf.DB.SetUserID

 	if useTx {
@ -127,10 +126,10 @@ func (c *coreContext) resolvePreparedSQL() ([]byte, *stmt, error) {
 		row = db.QueryRow(c.Context, ps.sd.SQL, vars...)
 	}

-	if mutation || anonQuery || !conf.isABCLEnabled() {
-		err = row.Scan(&root)
-	} else {
+	if ps.roleArg {
 		err = row.Scan(&role, &root)
+	} else {
+		err = row.Scan(&root)
 	}

 	if len(role) == 0 {
@ -151,7 +150,7 @@ func (c *coreContext) resolvePreparedSQL() ([]byte, *stmt, error) {
 		}
 	}

-	return root, ps.st, nil
+	return root, &ps.st, nil
 }

 func (c *coreContext) resolveSQL() ([]byte, *stmt, error) {
@ -160,9 +159,8 @@ func (c *coreContext) resolveSQL() ([]byte, *stmt, error) {

 	qt := qcode.GetQType(c.req.Query)
 	mutation := (qt == qcode.QTMutation)
-	//anonQuery := (qt == qcode.QTQuery && c.req.role == "anon")

-	useRoleQuery := len(conf.RolesQuery) != 0 && mutation
+	useRoleQuery := conf.isABACEnabled() && mutation
 	useTx := useRoleQuery || conf.DB.SetUserID

 	if useTx {
@ -220,10 +218,10 @@ func (c *coreContext) resolveSQL() ([]byte, *stmt, error) {
 		row = db.QueryRow(c.Context, finalSQL)
 	}

-	if len(stmts) == 1 {
-		err = row.Scan(&root)
-	} else {
+	if len(stmts) > 1 {
 		err = row.Scan(&role, &root)
+	} else {
+		err = row.Scan(&root)
 	}

 	if len(role) == 0 {
--- a/serv/core_build.go
+++ b/serv/core_build.go
@ -28,7 +28,7 @@ func buildStmt(qt qcode.QType, gql, vars []byte, role string) ([]stmt, error) {
 			return buildRoleStmt(gql, vars, "anon")
 		}

-		if conf.isABCLEnabled() {
+		if conf.isABACEnabled() {
 			return buildMultiStmt(gql, vars)
 		}

--- a/serv/prepare.go
+++ b/serv/prepare.go
@ -13,9 +13,10 @@ import (
 )

 type preparedItem struct {
-	sd   *pgconn.StatementDescription
-	args [][]byte
-	st   *stmt
+	sd      *pgconn.StatementDescription
+	args    [][]byte
+	st      stmt
+	roleArg bool
 }

 var (
@ -80,7 +81,7 @@ func prepareStmt(gql string, vars []byte) error {
 		var stmts1 []stmt
 		var err error

-		if conf.isABCLEnabled() {
+		if conf.isABACEnabled() {
 			stmts1, err = buildMultiStmt(q, vars)
 		} else {
 			stmts1, err = buildRoleStmt(q, vars, "user")
@ -90,7 +91,7 @@ func prepareStmt(gql string, vars []byte) error {
 			return err
 		}

-		err = prepare(tx, &stmts1[0], gqlHash(gql, vars, "user"))
+		err = prepare(tx, stmts1, gqlHash(gql, vars, "user"))
 		if err != nil {
 			return err
 		}
@ -101,7 +102,7 @@ func prepareStmt(gql string, vars []byte) error {
 				return err
 			}

-			err = prepare(tx, &stmts2[0], gqlHash(gql, vars, "anon"))
+			err = prepare(tx, stmts2, gqlHash(gql, vars, "anon"))
 			if err != nil {
 				return err
 			}
@ -114,7 +115,7 @@ func prepareStmt(gql string, vars []byte) error {
 				return err
 			}

-			err = prepare(tx, &stmts[0], gqlHash(gql, vars, role.Name))
+			err = prepare(tx, stmts, gqlHash(gql, vars, role.Name))
 			if err != nil {
 				return err
 			}
@ -134,8 +135,8 @@ func prepareStmt(gql string, vars []byte) error {
 	return nil
 }

-func prepare(tx pgx.Tx, st *stmt, key string) error {
-	finalSQL, am := processTemplate(st.sql)
+func prepare(tx pgx.Tx, st []stmt, key string) error {
+	finalSQL, am := processTemplate(st[0].sql)

 	sd, err := tx.Prepare(context.Background(), "", finalSQL)
 	if err != nil {
@ -143,16 +144,17 @@ func prepare(tx pgx.Tx, st *stmt, key string) error {
 	}

 	_preparedList[key] = &preparedItem{
-		sd:   sd,
-		args: am,
-		st:   st,
+		sd:      sd,
+		args:    am,
+		st:      st[0],
+		roleArg: len(st) > 1,
 	}
 	return nil
 }

 // nolint: errcheck
 func prepareRoleStmt(tx pgx.Tx) error {
-	if !conf.isABCLEnabled() {
+	if !conf.isABACEnabled() {
 		return nil
 	}