pg-introspection
Advanced tools
pg-introspection - npm Package Compare versions
Comparing version 0.0.1-beta.3 to 0.0.1-beta.4
| # pg-introspection | ||
| ## 0.0.1-beta.4 | ||
| ### Patch Changes | ||
| - [#1801](https://github.com/graphile/crystal/pull/1801) | ||
| [`2d447a6b4`](https://github.com/graphile/crystal/commit/2d447a6b45d7db2813bd957f412cd959e2185759) | ||
| Thanks [@benjie](https://github.com/benjie)! - Fix bug where the owner of a | ||
| database object wasn't seen as having any privileges. | ||
| ## 0.0.1-beta.3 | ||
@@ -4,0 +13,0 @@ |
@@ -1,2 +0,2 @@ | ||
| import type { Introspection, PgClass, PgRoles } from "./introspection.js"; | ||
| import type { Introspection, PgClass, PgEntity, PgRoles } from "./introspection.js"; | ||
| /** | ||
@@ -150,3 +150,6 @@ * A fake 'pg_roles' record representing the 'public' meta-role. | ||
| */ | ||
| export declare function resolvePermissions(introspection: Introspection, acls: AclObject[], role: PgRoles, includeNoInherit?: boolean): ResolvedPermissions; | ||
| export declare function resolvePermissions(introspection: Introspection, acls: AclObject[], role: PgRoles, includeNoInherit?: boolean, isOwnerAndHasNoExplicitACLs?: boolean): ResolvedPermissions; | ||
| export declare function entityPermissions(introspection: Introspection, entity: Extract<PgEntity, { | ||
| getACL(): readonly AclObject[]; | ||
| }>, role: PgRoles, includeNoInherit?: boolean): ResolvedPermissions; | ||
| //# sourceMappingURL=acl.d.ts.map |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.resolvePermissions = exports.aclContainsRole = exports.expandRoles = exports.aclsForTable = exports.Permission = exports.parseAcls = exports.OBJECT_TYPE = exports.OBJECT_DOMAIN = exports.OBJECT_FOREIGN_SERVER = exports.OBJECT_FDW = exports.OBJECT_TABLESPACE = exports.OBJECT_SCHEMA = exports.OBJECT_LARGEOBJECT = exports.OBJECT_LANGUAGE = exports.OBJECT_FUNCTION = exports.OBJECT_DATABASE = exports.OBJECT_SEQUENCE = exports.OBJECT_TABLE = exports.OBJECT_ATTRIBUTE = exports.emptyAclObject = exports.serializeAcl = exports.parseAcl = exports.PUBLIC_ROLE = void 0; | ||
| exports.entityPermissions = exports.resolvePermissions = exports.aclContainsRole = exports.expandRoles = exports.aclsForTable = exports.Permission = exports.parseAcls = exports.OBJECT_TYPE = exports.OBJECT_DOMAIN = exports.OBJECT_FOREIGN_SERVER = exports.OBJECT_FDW = exports.OBJECT_TABLESPACE = exports.OBJECT_SCHEMA = exports.OBJECT_LARGEOBJECT = exports.OBJECT_LANGUAGE = exports.OBJECT_FUNCTION = exports.OBJECT_DATABASE = exports.OBJECT_SEQUENCE = exports.OBJECT_TABLE = exports.OBJECT_ATTRIBUTE = exports.emptyAclObject = exports.serializeAcl = exports.parseAcl = exports.PUBLIC_ROLE = void 0; | ||
| /** | ||
@@ -337,33 +337,36 @@ * A fake 'pg_roles' record representing the 'public' meta-role. | ||
| */ | ||
| function resolvePermissions(introspection, acls, role, includeNoInherit = false) { | ||
| function resolvePermissions(introspection, acls, role, includeNoInherit = false, isOwnerAndHasNoExplicitACLs = false) { | ||
| const expandedRoles = expandRoles(introspection, [role], includeNoInherit); | ||
| const isSuperuser = expandedRoles.some((role) => role.rolsuper); | ||
| // Just as in life, you start with nothing... | ||
| // Superusers have all permissions. An owner of an object has all permissions | ||
| // _unless_ there's a specific ACL for that owner. In all other cases, just as | ||
| // in life, you start with nothing... | ||
| const grantAll = isSuperuser || isOwnerAndHasNoExplicitACLs; | ||
| const permissions = { | ||
| select: isSuperuser, | ||
| selectGrant: isSuperuser, | ||
| update: isSuperuser, | ||
| updateGrant: isSuperuser, | ||
| insert: isSuperuser, | ||
| insertGrant: isSuperuser, | ||
| delete: isSuperuser, | ||
| deleteGrant: isSuperuser, | ||
| truncate: isSuperuser, | ||
| truncateGrant: isSuperuser, | ||
| references: isSuperuser, | ||
| referencesGrant: isSuperuser, | ||
| trigger: isSuperuser, | ||
| triggerGrant: isSuperuser, | ||
| execute: isSuperuser, | ||
| executeGrant: isSuperuser, | ||
| usage: isSuperuser, | ||
| usageGrant: isSuperuser, | ||
| create: isSuperuser, | ||
| createGrant: isSuperuser, | ||
| connect: isSuperuser, | ||
| connectGrant: isSuperuser, | ||
| temporary: isSuperuser, | ||
| temporaryGrant: isSuperuser, | ||
| select: grantAll, | ||
| selectGrant: grantAll, | ||
| update: grantAll, | ||
| updateGrant: grantAll, | ||
| insert: grantAll, | ||
| insertGrant: grantAll, | ||
| delete: grantAll, | ||
| deleteGrant: grantAll, | ||
| truncate: grantAll, | ||
| truncateGrant: grantAll, | ||
| references: grantAll, | ||
| referencesGrant: grantAll, | ||
| trigger: grantAll, | ||
| triggerGrant: grantAll, | ||
| execute: grantAll, | ||
| executeGrant: grantAll, | ||
| usage: grantAll, | ||
| usageGrant: grantAll, | ||
| create: grantAll, | ||
| createGrant: grantAll, | ||
| connect: grantAll, | ||
| connectGrant: grantAll, | ||
| temporary: grantAll, | ||
| temporaryGrant: grantAll, | ||
| }; | ||
| if (isSuperuser) { | ||
| if (grantAll) { | ||
| return permissions; | ||
@@ -406,2 +409,19 @@ } | ||
| exports.resolvePermissions = resolvePermissions; | ||
| function entityPermissions(introspection, entity, role, includeNoInherit = false) { | ||
| const acls = entity.getACL(); | ||
| const owner = entity._type === "PgAttribute" | ||
| ? entity.getClass()?.getOwner() | ||
| : entity.getOwner(); | ||
| // If the role is the owner, and no explicit ACLs have been granted to this role, then the owner has all privileges. | ||
| const isOwnerAndHasNoExplicitACLs = owner && | ||
| owner === role && | ||
| !acls.some((acl) => acl.role === owner.rolname) && | ||
| (entity._type !== "PgAttribute" || | ||
| !entity | ||
| .getClass() | ||
| ?.getACL() | ||
| .some((acl) => acl.role === owner.rolname)); | ||
| return resolvePermissions(introspection, acls, role, includeNoInherit, isOwnerAndHasNoExplicitACLs); | ||
| } | ||
| exports.entityPermissions = entityPermissions; | ||
| //# sourceMappingURL=acl.js.map |
@@ -119,5 +119,8 @@ "use strict"; | ||
| introspection.getLanguage = (by) => introspection.languages.find((c) => c._id === by.id); | ||
| introspection.database.getDba = memo(() => getRole(introspection.database.datdba)); | ||
| introspection.database._type = "PgDatabase"; | ||
| introspection.database.getOwner = memo(() => getRole(introspection.database.datdba)); | ||
| introspection.database.getDba = introspection.database.getOwner; | ||
| introspection.database.getACL = memo(() => (0, acl_js_1.parseAcls)(introspection, introspection.database.datacl, introspection.database.datdba, acl_js_1.OBJECT_DATABASE)); | ||
| introspection.namespaces.forEach((entity) => { | ||
| entity._type = "PgNamespace"; | ||
| entity.getOwner = memo(() => getRole(entity.nspowner)); | ||
@@ -135,2 +138,3 @@ entity.getDescription = memo(() => getDescription(PG_NAMESPACE, entity._id)); | ||
| introspection.classes.forEach((entity) => { | ||
| entity._type = "PgClass"; | ||
| entity.getNamespace = memo(() => getNamespace(entity.relnamespace)); | ||
@@ -162,2 +166,3 @@ entity.getType = memo(() => getType(entity.reltype)); | ||
| introspection.indexes.forEach((entity) => { | ||
| entity._type = "PgIndex"; | ||
| entity.getIndexClass = memo(() => getClass(entity.indexrelid)); | ||
@@ -173,2 +178,3 @@ entity.getClass = memo(() => getClass(entity.indrelid)); | ||
| introspection.attributes.forEach((entity) => { | ||
| entity._type = "PgAttribute"; | ||
| entity.getClass = memo(() => getClass(entity.attrelid)); | ||
@@ -182,2 +188,3 @@ entity.getType = memo(() => getType(entity.atttypid)); | ||
| introspection.constraints.forEach((entity) => { | ||
| entity._type = "PgConstraint"; | ||
| entity.getNamespace = memo(() => getNamespace(entity.connamespace)); | ||
@@ -237,2 +244,3 @@ entity.getClass = memo(() => getClass(entity.conrelid)); | ||
| introspection.procs.forEach((entity) => { | ||
| entity._type = "PgProc"; | ||
| entity.getNamespace = memo(() => getNamespace(entity.pronamespace)); | ||
@@ -312,2 +320,3 @@ entity.getOwner = memo(() => getRole(entity.proowner)); | ||
| introspection.types.forEach((entity) => { | ||
| entity._type = "PgType"; | ||
| entity.getNamespace = memo(() => getNamespace(entity.typnamespace)); | ||
@@ -325,2 +334,3 @@ entity.getOwner = memo(() => getRole(entity.typowner)); | ||
| introspection.enums.forEach((entity) => { | ||
| entity._type = "PgEnum"; | ||
| entity.getType = memo(() => getType(entity.enumtypid)); | ||
@@ -336,2 +346,3 @@ // Postgres doesn't support comments on enum values right now, but we still | ||
| introspection.ranges.forEach((entity) => { | ||
| entity._type = "PgRange"; | ||
| entity.getType = memo(() => getType(entity.rngtypid)); | ||
@@ -338,0 +349,0 @@ entity.getSubType = memo(() => getType(entity.rngsubtype)); |
| import type { Introspection, PgAttribute, PgAuthMembers, PgClass, PgConstraint, PgDatabase, PgDepend, PgDescription, PgEnum, PgExtension, PgIndex, PgInherits, PgLanguage, PgNamespace, PgProc, PgProcArgument, PgRange, PgRoles, PgType } from "./introspection.js"; | ||
| export { makeIntrospectionQuery } from "./introspection.js"; | ||
| import type { AclObject } from "./acl.js"; | ||
| import { aclContainsRole, expandRoles, resolvePermissions } from "./acl.js"; | ||
| import { aclContainsRole, entityPermissions, expandRoles, resolvePermissions } from "./acl.js"; | ||
| import type { PgSmartTagsAndDescription, PgSmartTagsDict } from "./smartComments.js"; | ||
| export { parseSmartComment } from "./smartComments.js"; | ||
| export { Introspection, PgAttribute, PgAuthMembers, PgClass, PgConstraint, PgDatabase, PgDepend, PgDescription, PgEnum, PgExtension, PgIndex, PgInherits, PgLanguage, PgNamespace, PgProc, PgProcArgument, PgRange, PgRoles, PgType, }; | ||
| export { aclContainsRole, AclObject, expandRoles, resolvePermissions }; | ||
| export { aclContainsRole, AclObject, entityPermissions, expandRoles, resolvePermissions, }; | ||
| export declare function parseIntrospectionResults(introspectionResults: string, includeExtensionResources?: boolean): Introspection; | ||
@@ -56,6 +56,10 @@ export { PgSmartTagsAndDescription, PgSmartTagsDict }; | ||
| interface PgDatabase { | ||
| _type: "PgDatabase"; | ||
| /** @deprecated Use getOwner instead */ | ||
| getDba(): PgRoles | undefined; | ||
| getOwner(): PgRoles | undefined; | ||
| getACL(): AclObject[]; | ||
| } | ||
| interface PgNamespace { | ||
| _type: "PgNamespace"; | ||
| getOwner(): PgRoles | undefined; | ||
@@ -78,2 +82,3 @@ getDescription(): string | undefined; | ||
| interface PgClass { | ||
| _type: "PgClass"; | ||
| getNamespace(): PgNamespace | undefined; | ||
@@ -100,2 +105,3 @@ getType(): PgType | undefined; | ||
| interface PgIndex { | ||
| _type: "PgIndex"; | ||
| /** | ||
@@ -116,2 +122,3 @@ * Get the class that represents this index. | ||
| interface PgAttribute { | ||
| _type: "PgAttribute"; | ||
| getClass(): PgClass | undefined; | ||
@@ -126,2 +133,3 @@ getType(): PgType | undefined; | ||
| interface PgConstraint { | ||
| _type: "PgConstraint"; | ||
| getNamespace(): PgNamespace | undefined; | ||
@@ -139,2 +147,3 @@ getClass(): PgClass | undefined; | ||
| interface PgProc { | ||
| _type: "PgProc"; | ||
| getNamespace(): PgNamespace | undefined; | ||
@@ -151,2 +160,3 @@ getOwner(): PgRoles | undefined; | ||
| interface PgType { | ||
| _type: "PgType"; | ||
| getNamespace(): PgNamespace | undefined; | ||
@@ -165,2 +175,3 @@ getOwner(): PgRoles | undefined; | ||
| interface PgEnum { | ||
| _type: "PgEnum"; | ||
| getType(): PgType | undefined; | ||
@@ -172,2 +183,3 @@ getTagsAndDescription(): PgSmartTagsAndDescription; | ||
| interface PgRange { | ||
| _type: "PgRange"; | ||
| getType(): PgType | undefined; | ||
@@ -174,0 +186,0 @@ getSubType(): PgType | undefined; |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.parseIntrospectionResults = exports.resolvePermissions = exports.expandRoles = exports.aclContainsRole = exports.parseSmartComment = exports.makeIntrospectionQuery = void 0; | ||
| exports.parseIntrospectionResults = exports.resolvePermissions = exports.expandRoles = exports.entityPermissions = exports.aclContainsRole = exports.parseSmartComment = exports.makeIntrospectionQuery = void 0; | ||
| var introspection_js_1 = require("./introspection.js"); | ||
@@ -8,2 +8,3 @@ Object.defineProperty(exports, "makeIntrospectionQuery", { enumerable: true, get: function () { return introspection_js_1.makeIntrospectionQuery; } }); | ||
| Object.defineProperty(exports, "aclContainsRole", { enumerable: true, get: function () { return acl_js_1.aclContainsRole; } }); | ||
| Object.defineProperty(exports, "entityPermissions", { enumerable: true, get: function () { return acl_js_1.entityPermissions; } }); | ||
| Object.defineProperty(exports, "expandRoles", { enumerable: true, get: function () { return acl_js_1.expandRoles; } }); | ||
@@ -10,0 +11,0 @@ Object.defineProperty(exports, "resolvePermissions", { enumerable: true, get: function () { return acl_js_1.resolvePermissions; } }); |
| { | ||
| "name": "pg-introspection", | ||
| "version": "0.0.1-beta.3", | ||
| "version": "0.0.1-beta.4", | ||
| "description": "Strongly typed PostgreSQL introspection library", | ||
@@ -5,0 +5,0 @@ "main": "dist/index.js", |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2.53%
178356
- Lines of code
- increased by1.94%
2467