cleanup translate_privilege, add fxn rls policy exists, add test help…

…er for drop oplicies

NAMESPACE

@@ -31,6 +31,7 @@ export(rls_enable)
 export(rls_list_roles)
 export(rls_permissions)
 export(rls_policies)
+export(rls_policy_exists)
 export(rls_privileges)
 export(rls_run)
 export(rls_table_privileges)
@@ -41,6 +42,7 @@ export(rows_new)
 export(setup_example_table)
 export(to)
 export(translate_privilege)
+export(translate_row_policy)
 import(dbplyr)
 importFrom(DBI,dbExecute)
 importFrom(DBI,dbGetQuery)

R/drop.R

@@ -40,8 +40,8 @@ rls_drop_policy <- function(con, policy = NULL, name = NULL, table = NULL) {
     name <- policy$name
     table <- policy$table
   } else {
-    if (is.null(name) && is.null(table)) {
-      rlang::abort("if `policy` is NULL, name & table must be non-NULL")
+    if (is.null(name) || is.null(table)) {
+      rlang::abort("if `policy` is NULL, `name` & `table` must be non-NULL")
     }
   }
   invisible(dbExecute(con, glue("{drop_statement} POLICY {name} ON {table}")))

R/exists.R

@@ -0,0 +1,33 @@
+#' Check if a row level security policy exists
+#'
+#' @export
+#' @param con a DBI database connection object. required. supports only
+#' postgres and redshift connections
+#' @param name (character) a policy name. required
+#' @return scalar boolean, `TRUE` or `FALSE`
+#' @examplesIf has_postgres()
+#' library(DBI)
+#' library(RPostgres)
+#' con <- dbConnect(Postgres())
+#' dbWriteTable(con, "attitude", attitude)
+#' policy <- rls_tbl(con, "attitude") %>%
+#'   row_policy(name = "some_policy") %>%
+#'   commands(update) %>% 
+#'   rows_existing(TRUE) %>%
+#'   to(jane)
+#' policy
+#' rls_run(policy)
+#' rls_policies(con)
+#' rls_policy_exists(con, "some_policy")
+#' rls_drop_policy(con, name = "some_policy", table = "attitude")
+#' rls_policy_exists(con, "some_policy")
+#' dbRemoveTable(con, "attitude")
+#' dbDisconnect(con)
+rls_policy_exists <- function(con, name) {
+  is_conn(con)
+  pols <- rls_policies(con)
+  if (NROW(pols) == 0) {
+    return(FALSE)
+  }
+  name %in% pols$policyname
+}

R/privileges.R

@@ -100,9 +100,10 @@ from <- to
 #' Translate privilege
 #'
 #' @export
-#' @param priv an object of class `privilege`, required
+#' @keywords internal
+#' @param priv an S3 object of class `privilege`, required
 #' @param con DBI connection object, required
-#' @examplesIf interactive() && rlang::is_installed("dbplyr")
+#' @examplesIf interactive()
 #' library(tibble)
 #' library(RPostgres)
 #' library(DBI)
@@ -112,16 +113,18 @@ from <- to
 #'   apples = c("pink lady", "cortland", "mcintosh"),
 #'   strawberries = c("alice", "albion", "alaska pioneer")
 #' )
-#' DBI::dbWriteTable(con, "fruits", dat)
+#' dbWriteTable(con, "fruits", dat)
 #' dbExecute(con, "CREATE ROLE jane")
+#' auto_pipe(FALSE)
 #'
 #' # GRANT SELECT
 #' #  ON fruits
 #' #  TO jane
 #' priv <-
-#'   rls_tbl(con, "fruits") %>%
+#'   rls_tbl(con, "flights") %>%
 #'   grant(select) %>%
 #'   to(jane)
+#' priv
 #' translate_privilege(priv, con)
 #'
 #' # REVOKE SELECT
@@ -131,6 +134,7 @@ from <- to
 #'   rls_tbl(con, "fruits") %>%
 #'   revoke(select) %>%
 #'   from(jane)
+#' priv
 #' translate_privilege(priv, con)
 #'
 #' # GRANT SELECT
@@ -141,10 +145,12 @@ from <- to
 #'   rls_tbl(con, "fruits") %>%
 #'   grant(select, cols = c("apples", "strawberries")) %>%
 #'   to(jane)
+#' priv
 #' sql <- translate_privilege(priv, con)
 #' dbExecute(con, sql)
 translate_privilege <- function(priv, con) {
   assert_is(priv, "privilege")
+  is_conn(con)
 
   template <- priv_templates[[priv$type]]
 

R/row_policy.R

@@ -34,7 +34,7 @@ row_policy <- function(.data, name) {
 #'    setup_example_table(con, "passwd")
 #' }
 #' rls_tbl(con, "passwd") %>%
-#'   row_policy("my_policy") %>%
+#'   row_policy("their_policy") %>%
 #'   commands(update)
 commands <- function(.data, ...) {
   pipe_autoexec(toggle = rls_env$auto_pipe)
@@ -58,7 +58,7 @@ commands <- function(.data, ...) {
 #'    setup_example_table(con, "passwd")
 #' }
 #' rls_tbl(con, "passwd") %>%
-#'   row_policy("my_policy") %>%
+#'   row_policy("a_good_policy") %>%
 #'   commands(update) %>%
 #'   rows_existing(sql = 'current_user = "user_name"')
 rows_existing <- function(.data, using = NULL, sql = NULL) {
@@ -100,7 +100,7 @@ rows_existing <- function(.data, using = NULL, sql = NULL) {
 #'   to(jane)
 #'
 #' rls_tbl(con, "passwd") %>%
-#'   row_policy("my_policy") %>%
+#'   row_policy("that_policy") %>%
 #'   commands(update) %>%
 #'   rows_existing(sql = 'current_user = "user_name"') %>%
 #'   rows_new(home_phone == "098-765-4321") %>%
@@ -147,6 +147,32 @@ express <- function(x) {
   glue("({ifelse(x == 'TRUE', tolower(x), x)})")
 }
 
+#' Translate row policy
+#'
+#' @export
+#' @keywords internal
+#' @param policy an S3 object of class `row_policy`, required
+#' @param con DBI connection object, required
+#' @examplesIf interactive()
+#' library(RPostgres)
+#' library(DBI)
+#' con <- dbConnect(Postgres())
+#' setup_example_table(con)
+#'
+#' if (rls_policy_exists(con, "blue_policy")) {
+#'   rls_drop_policy(con, name = "blue_policy", table = "passwd")
+#' }
+#'
+#' policy <- rls_tbl(con, "passwd") %>%
+#'   row_policy(name = "blue_policy") %>%
+#'   commands(update) %>%
+#'   rows_existing(TRUE) %>%
+#'   rows_new(TRUE) %>%
+#'   to(jane)
+#' policy
+#' sql <- translate_row_policy(policy, con)
+#' sql
+#' dbExecute(con, sql)
 translate_row_policy <- function(policy, con) {
   is_conn(con)
   create_statement <- switch(class(con),

tests/testthat/helper-rls.R

@@ -9,3 +9,14 @@ with_database_connection <- function(expr, con = RPostgres::postgresDefault()) {
   context <- list2env(list(con = con), parent = parent.frame())
   eval(substitute(expr), envir = context)
 }
+
+drop_all_rls_policies <- function(con) {
+  pols <- rls_policies(con)
+  if (NROW(pols) == 0) return()
+  for (i in seq_len(NROW(pols))) {
+    rls_drop_policy(con,
+      name = pols$policyname[i],
+      table = pols$tablename[i]
+    )
+  }
+}

tests/testthat/test-rls_drop_policy.R

@@ -1,5 +1,6 @@
 test_that("rls_drop_policy", {
   with_database_connection({
+    drop_all_rls_policies(con)
     DBI::dbWriteTable(con, "usarrests", USArrests, temporary = TRUE)
     on.exit(DBI::dbRemoveTable(con, "usarrests"), add = TRUE)