Support SeaORM RBAC (#212)

* Support rbac: unrestricted by default

* Use generic inplace of RestrictedConnection in public API

* guard behind feature flag `rbac`

Author: tyt2y3

.github/workflows/tests.yaml

@@ -82,7 +82,9 @@ jobs:
       - name: Additional Integration tests
         working-directory: ./examples/sqlite
         run: |
-          cargo test --tests custom_
+          cargo test --test custom_query_tests
+          cargo test --test custom_mutation_tests
+          cargo test --test query_tests --features=rbac
           cargo test --test plural_query_tests --features=field-pluralize
           cargo test --test entity_filter_tests --features=field-pluralize
           rm tests/custom_mutation_tests.rs tests/custom_query_tests.rs tests/plural_query_tests.rs

Cargo.toml

@@ -30,6 +30,7 @@ pluralizer = { version = "0.5", optional = true }
 [features]
 default = ["field-camel-case"]
 macros = ["seaography-macros"]
+rbac = ["sea-orm/rbac"]
 with-json = ["sea-orm/with-json"]
 with-chrono = ["sea-orm/with-chrono", "async-graphql/chrono"]
 with-time = ["sea-orm/with-time", "async-graphql/time"]

examples/sqlite/Cargo.toml

@@ -25,6 +25,7 @@ serde_json = { version = "1.0.103" }
 members = []
 
 [features]
+rbac = ["seaography/rbac"]
 field-pluralize = ["seaography/field-pluralize"]
 
 [[test]]

examples/sqlite/src/query_root/queries.rs

@@ -1,8 +1,7 @@
 use super::*;
 use async_graphql::Result as GqlResult;
 use sea_orm::{ColumnTrait, EntityTrait, QueryFilter};
-use seaography::apply_pagination;
-use seaography::{macros::CustomOperation, Connection, PaginationInput};
+use seaography::{apply_pagination, macros::CustomOperation, Connection, PaginationInput};
 
 /*
 
@@ -37,8 +36,9 @@ impl Operations {
         pagination: PaginationInput,
     ) -> GqlResult<Connection<customer::Entity>> {
         let db = ctx.data::<DatabaseConnection>()?;
+
         let query = customer::Entity::find().filter(customer::Column::StoreId.eq(2));
-        let connection = apply_pagination::<customer::Entity>(db, query, pagination).await?;
+        let connection = apply_pagination::<customer::Entity, _>(db, query, pagination).await?;
 
         Ok(connection)
     }

examples/sqlite/tests/query_tests.rs

@@ -1,10 +1,11 @@
 use async_graphql::{dynamic::*, Response};
 use sea_orm::Database;
-use seaography::async_graphql;
+use seaography::{async_graphql, DatabaseContext};
 
 pub async fn get_schema() -> Schema {
     let database = Database::connect("sqlite://sakila.db").await.unwrap();
-    let schema = seaography_sqlite_example::query_root::schema(database, None, None).unwrap();
+    let schema =
+        seaography_sqlite_example::query_root::schema(database.unrestricted(), None, None).unwrap();
 
     schema
 }

src/lib.rs

@@ -264,6 +264,9 @@ pub use builder::*;
 pub mod error;
 pub use error::*;
 
+pub mod rbac;
+pub use rbac::*;
+
 pub type SimpleNamingFn = Box<dyn Fn(&str) -> String + Sync + Send>;
 pub type ComplexNamingFn = Box<dyn Fn(&str, &str) -> String + Sync + Send>;
 

src/mutation/entity_create_batch_mutation.rs

@@ -4,8 +4,9 @@ use sea_orm::{
 };
 
 use crate::{
-    apply_guard, guard_error, prepare_active_model, BuilderContext, EntityInputBuilder,
-    EntityObjectBuilder, EntityQueryFieldBuilder, GuardAction, OperationType,
+    apply_guard, guard_error, prepare_active_model, BuilderContext, DatabaseContext,
+    EntityInputBuilder, EntityObjectBuilder, EntityQueryFieldBuilder, GuardAction, OperationType,
+    UserContext,
 };
 
 /// The configuration structure of EntityCreateBatchMutationBuilder
@@ -90,7 +91,10 @@ impl EntityCreateBatchMutationBuilder {
                         return Err(guard_error(reason, "Entity guard triggered."));
                     }
 
-                    let db = ctx.data::<DatabaseConnection>()?;
+                    let db = &ctx
+                        .data::<DatabaseConnection>()?
+                        .restricted(ctx.data_opt::<UserContext>())?;
+
                     let transaction = db.begin().await?;
 
                     let entity_input_builder = EntityInputBuilder { context };

src/mutation/entity_create_one_mutation.rs

@@ -5,8 +5,8 @@ use sea_orm::{
 };
 
 use crate::{
-    apply_guard, guard_error, BuilderContext, EntityInputBuilder, EntityObjectBuilder,
-    EntityQueryFieldBuilder, GuardAction, OperationType,
+    apply_guard, guard_error, BuilderContext, DatabaseContext, EntityInputBuilder,
+    EntityObjectBuilder, EntityQueryFieldBuilder, GuardAction, OperationType, UserContext,
 };
 
 /// The configuration structure of EntityCreateOneMutationBuilder
@@ -93,7 +93,6 @@ impl EntityCreateOneMutationBuilder {
 
                     let entity_input_builder = EntityInputBuilder { context };
                     let entity_object_builder = EntityObjectBuilder { context };
-                    let db = ctx.data::<DatabaseConnection>()?;
                     let value_accessor = ctx
                         .args
                         .try_get(&context.entity_create_one_mutation.data_field)?;
@@ -115,6 +114,10 @@ impl EntityCreateOneMutationBuilder {
                         }
                     }
 
+                    let db = &ctx
+                        .data::<DatabaseConnection>()?
+                        .restricted(ctx.data_opt::<UserContext>())?;
+
                     let active_model = prepare_active_model::<T, A>(
                         &entity_input_builder,
                         &entity_object_builder,

src/mutation/entity_delete_mutation.rs

@@ -4,8 +4,9 @@ use sea_orm::{
 };
 
 use crate::{
-    apply_guard, get_filter_conditions, guard_error, BuilderContext, EntityObjectBuilder,
-    EntityQueryFieldBuilder, FilterInputBuilder, GuardAction, OperationType,
+    apply_guard, get_filter_conditions, guard_error, BuilderContext, DatabaseContext,
+    EntityObjectBuilder, EntityQueryFieldBuilder, FilterInputBuilder, GuardAction, OperationType,
+    UserContext,
 };
 
 /// The configuration structure of EntityDeleteMutationBuilder
@@ -90,7 +91,9 @@ impl EntityDeleteMutationBuilder {
                         return Err(guard_error(reason, "Entity guard triggered."));
                     }
 
-                    let db = ctx.data::<DatabaseConnection>()?;
+                    let db = &ctx
+                        .data::<DatabaseConnection>()?
+                        .restricted(ctx.data_opt::<UserContext>())?;
 
                     let filters = ctx.args.get(&context.entity_delete_mutation.filter_field);
                     let filter_condition = get_filter_conditions::<T>(context, filters)?;

src/mutation/entity_update_mutation.rs

@@ -6,8 +6,8 @@ use sea_orm::{
 
 use crate::{
     apply_guard, get_filter_conditions, guard_error, prepare_active_model, BuilderContext,
-    EntityInputBuilder, EntityObjectBuilder, EntityQueryFieldBuilder, FilterInputBuilder,
-    GuardAction, OperationType,
+    DatabaseContext, EntityInputBuilder, EntityObjectBuilder, EntityQueryFieldBuilder,
+    FilterInputBuilder, GuardAction, OperationType, UserContext,
 };
 
 /// The configuration structure of EntityUpdateMutationBuilder
@@ -101,7 +101,10 @@ impl EntityUpdateMutationBuilder {
                         return Err(guard_error(reason, "Entity guard triggered."));
                     }
 
-                    let db = ctx.data::<DatabaseConnection>()?;
+                    let db = ctx
+                        .data::<DatabaseConnection>()?
+                        .restricted(ctx.data_opt::<UserContext>())?;
+
                     let transaction = db.begin().await?;
 
                     let entity_input_builder = EntityInputBuilder { context };