BE-538: HashQL: Permission system integration #8882
Open
indietyp wants to merge 34 commits into
| /// | ||
| /// Accessors like [`Self::entity_editions`] register that a table is needed and return a | ||
| /// reference to it. The actual `FROM` tree is built once at the end via [`Self::build_from`]. | ||
| #[derive(Debug, Clone)] |
Comment on lines +539 to +544
| pub(crate) const fn snapshot(&self) -> Self { | ||
| Self { | ||
| base: self.base.snapshot(), | ||
| ..*self | ||
| } | ||
| } |
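Review bot: `snapshot` at +539 to +544 has no doc comment, and the name alone does not say how it differs from `clone()`. The `..*self` spread copies every field other than `base` out of a shared reference, which only compiles while those fields are `Copy`, so adding a non-`Copy` field later fails here rather than at the field's declaration. Suggest a `///` line stating what `self.base.snapshot()` captures and that the remaining fields are copied by value.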
Comment on lines +65 to +67
| pub(crate) const fn snapshot(&self) -> Self { | ||
| Self { ..*self } | ||
| } |
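Review bot: the body `Self { ..*self }` at +65 to +67 is a plain field-by-field copy, so this `snapshot` does nothing that copying the value would not do. If the method exists so callers can treat this type uniformly with types whose `snapshot` does real work, say so in a doc comment; otherwise `*self` on a `Copy` type is the clearer spelling.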
🌟 What is the purpose of this PR?

Integrates the authorization policy system into HashQL query execution. Compiled queries are now patched at runtime with actor-specific permit/forbid conditions (WHERE clause) and property masking (CASE WHEN projections), achieving parity with the existing `PolicyComponents` + `Filter::for_policies` system used by the REST entity endpoints.

🚫 Blocked by

- `entity_edition_cache` #8854 (BE-596: Materialize entity aggregates into `entity_edition_cache`)

These PRs rework the underlying entity tables and query compilation that the authorization graft targets. Once they land, this PR will need to undergo some adjustments.

🔍 What does this change?

Authorization patching system (`eval/src/postgres/authorization/`)

- `entity_editions` LATERAL subquery, stripping protected property keys from `properties` and `property_metadata` columns
- (`PreparedQueryPatch`): typed layer composition where each layer receives a `next` continuation, registers join demands before materialization, and can rewrite the FROM tree after
- `Vec<Box<dyn ToSql + Sync>>` sidepiece on `PreparedQuery`, chained as borrowed refs during encoding, separate from the compiler's `Parameters` system

REST API wiring (`graph/api/src/rest/hashql/`)

- `PolicyComponents` built per-request from the authenticated actor and query-derived actions
- `PropertyProtectionFilterConfig` read from the store pool settings (respects `HASH_GRAPH_SKIP_FILTER_PROTECTION`)
- `actor_not_found` (ERROR/400) vs `authorization_context_failed` (BUG/500), with `DetermineActor` checking inner cause to distinguish store errors from genuine not-found

Projection system (`eval/src/postgres/projections.rs`)

- `AuxiliaryProjections`: tracks compiled join aliases, detects existing joins (punch-through), registers new join demands
- `build_joins`: materializes auth joins into the FROM tree via `mem::replace` on CrossJoin right spine, maintaining LATERAL ordering (non-LATERAL before LATERAL)
- `find_from_by_alias`: recursive FROM tree walker for locating graft targets

Test infrastructure

- `CompilationFixture` in `postgres/tests.rs` used by both filter and authorization tests
- `MockStore` implementing `PrincipalStore` + `PolicyStore` with strict assertions (actor UUID, action, principal context)

Pre-Merge Checklist 🚀

🚢 Has this modified a publishable library?

This PR:

📜 Does this require a change to the docs?

The changes in this PR:

🕸️ Does this require a change to the Turbo Graph?

The changes in this PR:

`PropertyProtectionFilterConfig` uses `HashMap` internally, so SQL generation order for multiple protected properties is non-deterministic. Semantics are order-independent (concatenated mask expression), but query plans could theoretically differ between requests. The multi-property test uses structural assertions instead of snapshots to avoid flakiness.

🛡 What tests cover this?

❓ How to test this?

- (`yarn dev:backend`)
- `cd tests/graph/http && yarn reset-database && yarn httpyac send --all tests/hashql.http`
- `cargo test --lib --package hashql-eval -- postgres`
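The ordering caveat in the description (a `HashMap`-backed protection config producing mask SQL in varying order) can be illustrated with the sketch below, which is an added example and not code from this PR or the HASH code base. `Protection`, `mask_projection`, `sample`, the predicate text and the exact SQL shape are assumptions made for illustration; the point is that sorting the keys and binding them as parameters makes the statement text and parameter order identical on every request.

```rust
use std::collections::HashMap;

/// Hypothetical stand-in for a property-protection config (not the project's type):
/// protected property key -> SQL predicate under which the key is hidden.
type Protection = HashMap<String, String>;

/// Builds a concatenated mask expression over `column` plus its bind parameters.
/// Assumes predicates are trusted compiler output; property keys are always bound
/// as `$n` parameters and never spliced into the SQL text.
fn mask_projection(column: &str, cfg: &Protection, first_param: usize) -> (String, Vec<String>) {
    // HashMap iteration order is unspecified, so pin it down by sorting on the key.
    let mut entries: Vec<(&String, &String)> = cfg.iter().collect();
    entries.sort();

    let mut sql = String::from(column);
    let mut params = Vec::with_capacity(entries.len());
    for (offset, (key, predicate)) in entries.into_iter().enumerate() {
        // `jsonb - text[]` deletes the listed top-level keys; an empty array is a no-op,
        // so the column passes through unchanged when the predicate is false.
        sql.push_str(&format!(
            " - (CASE WHEN {predicate} THEN ARRAY[${n}::text] ELSE ARRAY[]::text[] END)",
            n = first_param + offset
        ));
        params.push(key.clone());
    }
    (sql, params)
}

/// Constructed sample config; `order` only controls insertion order.
fn sample(order: &[&str]) -> Protection {
    order.iter().map(|k| (k.to_string(), "owner <> $1".to_string())).collect()
}

fn main() {
    let (sql, params) = mask_projection("props", &sample(&["phone", "email"]), 2);
    println!("{sql}\n{params:?}");
}
```

With a stable statement text, snapshot tests become usable for the multi-property case and any statement cache keyed on SQL text sees one entry per query shape.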