feat: adds policies to each table

This change adds a new array of policies to each table. The policies are used for Row Level Security

Author: kiwicopple

src/api/tables.ts

@@ -1,7 +1,7 @@
 import { Router } from 'express'
 
 import sql = require('../lib/sql')
-const { columns, grants, primary_keys, relationships, tables } = sql
+const { columns, grants, policies, primary_keys, relationships, tables } = sql
 import { coalesceRowsToArray, formatColumns } from '../lib/helpers'
 import { RunQuery } from '../lib/connectionPool'
 import { DEFAULT_SYSTEM_SCHEMAS } from '../lib/constants'
@@ -15,11 +15,13 @@ WITH tables AS ( ${tables} ),
 columns AS ( ${columns} ),
 grants AS ( ${grants} ),
 primary_keys AS ( ${primary_keys} ),
+policies AS ( ${policies} ),
 relationships AS ( ${relationships} )
 SELECT
   *,
   ${coalesceRowsToArray('columns', 'SELECT * FROM columns WHERE columns.table_id = tables.id')},
   ${coalesceRowsToArray('grants', 'SELECT * FROM grants WHERE grants.table_id = tables.id')},
+  ${coalesceRowsToArray('policies', 'SELECT * FROM policies WHERE policies.table_id = tables.id')},
   ${coalesceRowsToArray(
     'primary_keys',
     'SELECT * FROM primary_keys WHERE primary_keys.table_id = tables.id'

src/lib/sql/index.ts

@@ -6,6 +6,7 @@ export = {
   config: fs.readFileSync(path.join(__dirname, '/config.sql')).toString(),
   constraints: fs.readFileSync(path.join(__dirname, '/constraints.sql')).toString(),
   extensions: fs.readFileSync(path.join(__dirname, '/extensions.sql')).toString(),
+  functions: fs.readFileSync(path.join(__dirname, '/functions.sql')).toString(),
   grants: fs.readFileSync(path.join(__dirname, '/grants.sql')).toString(),
   joins: fs.readFileSync(path.join(__dirname, '/joins.sql')).toString(),
   primary_keys: fs.readFileSync(path.join(__dirname, '/primary_keys.sql')).toString(),

src/lib/sql/policies.sql

@@ -1,14 +1,17 @@
-SELECT
-  n.nspname AS schemaname,
-  c.relname AS tablename,
-  pol.polname AS policyname,
+select
+  n.oid as id,
+  n.nspname AS schema,
+  c.relname AS table,
+  c.oid AS table_id,
+  pol.polname AS name,
   CASE
     WHEN pol.polpermissive THEN 'PERMISSIVE' :: text
     ELSE 'RESTRICTIVE' :: text
   END AS permissive,
   CASE
-    WHEN pol.polroles = '{0}' :: oid [] THEN string_to_array('public' :: text, '' :: text) :: name []
-    ELSE ARRAY(
+    WHEN pol.polroles = '{0}' :: oid [] 
+    THEN array_to_json(string_to_array('public' :: text, '' :: text) :: name [])
+    ELSE array_to_json(ARRAY(
       SELECT
         pg_authid.rolname
       FROM
@@ -17,7 +20,7 @@ SELECT
         pg_authid.oid = ANY (pol.polroles)
       ORDER BY
         pg_authid.rolname
-    )
+    ))
   END AS roles,
   CASE
     pol.polcmd
@@ -33,4 +36,4 @@ SELECT
 FROM
   pg_policy pol
   JOIN pg_class c ON c.oid = pol.polrelid
-  LEFT JOIN pg_namespace n ON n.oid = c.relnamespace
+  LEFT JOIN pg_namespace n ON n.oid = c.relnamespace

test/integration/index.spec.js

@@ -141,7 +141,7 @@ describe('/tables', async () => {
     assert.equal(true, !!datum)
     assert.equal(true, !notIncluded)
   })
-  it('should return the columns', async () => {
+  it('should return the columns, grants, and policies', async () => {
     const tables = await axios.get(`${URL}/tables`)
     const datum = tables.data.find((x) => `${x.schema}.${x.name}` === 'public.users')
     const idColumn = datum.columns.find((x) => x.name === 'id')
@@ -152,11 +152,8 @@ describe('/tables', async () => {
     assert.equal(idColumn.is_updatable, true)
     assert.equal(idColumn.is_identity, true)
     assert.equal(nameColumn.is_identity, false)
-  })
-  it('should return the grants', async () => {
-    const tables = await axios.get(`${URL}/tables`)
-    const datum = tables.data.find((x) => `${x.schema}.${x.name}` === 'public.users')
     assert.equal(datum.grants.length > 0, true)
+    assert.equal(datum.policies.length == 0, true)
   })
   it('should return the relationships', async () => {
     const tables = await axios.get(`${URL}/tables`)

test/postgres/mnt/01-memes.sql

@@ -1,8 +1,20 @@
+
+
 CREATE TABLE public.category (
 	id serial NOT NULL PRIMARY KEY,
 	name text NOT NULL
 );
 
+-- Fake policies
+grant select, update(name)
+on category
+to postgres;
+
+create policy categories_update_policy
+on category for update 
+to postgres
+using(current_setting('my.username') IN (name));
+
 INSERT INTO public.category (id, name) VALUES
 (1, 'Funny'),
 (2, 'Weird'),