getwilds · seankross · Oct 21, 2024 · Oct 24, 2024 · Oct 29, 2024 · Oct 29, 2024
diff --git a/.github/workflows/R-check.yml b/.github/workflows/R-check.yml
@@ -1,10 +1,4 @@
-# Workflow derived from https://github.com/r-lib/actions/tree/v2/examples
-# Need help debugging build failures? Start at https://github.com/r-lib/actions#where-to-find-help
-on:
-  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
+on: [push, pull_request]
 
 name: R-check
 

diff --git a/.gitignore b/.gitignore
@@ -6,3 +6,4 @@
 docs
 inst/doc
 endtoend-*
+R/s7stuff.R
diff --git a/DESCRIPTION b/DESCRIPTION
@@ -8,21 +8,30 @@ Authors@R: c(
   )
 Description: Row level security helpers. Currenlty supports
     PostgreSQL and Redshift flavored PostgreSQL.
-URL: https://github.com/getwilds/rls, http://getwilds.org/rls
+URL: https://github.com/getwilds/rls, https://getwilds.org/rls
 BugReports: https://github.com/getwilds/rls/issues
 License: MIT + file LICENSE
 Encoding: UTF-8
-Roxygen: list(markdown = TRUE)
+Roxygen: list(markdown = TRUE, roclets = c("collate", "namespace", "rd",
+    "roxyglobals::global_roclet"))
 RoxygenNote: 7.3.2
 Imports: 
     DBI,
+    dplyr,
+    dbplyr,
+    RPostgres,
+    tibble,
+    withr,
     glue,
+    cli,
     rlang,
-    RPostgres,
-    tibble
+    magrittr
 Suggests: 
     knitr,
     rmarkdown,
+    roxyglobals,
     testthat (>= 3.0.0)
 Config/testthat/edition: 3
 VignetteBuilder: knitr
+Config/roxyglobals/filename: globals.R
+Config/roxyglobals/unique: FALSE
diff --git a/Makefile b/Makefile
@@ -20,7 +20,11 @@ eg:
 	${RSCRIPT} -e "devtools::run_examples(run_dontrun = TRUE)"
 
 check: build
-	_R_CHECK_CRAN_INCOMING_=FALSE R CMD CHECK --as-cran --no-manual `ls -1tr ${PACKAGE}*gz | tail -n1`
+	_R_CHECK_SYSTEM_CLOCK_=FALSE _R_CHECK_CRAN_INCOMING_=FALSE R CMD CHECK --as-cran --no-manual `ls -1tr ${PACKAGE}*gz | tail -n1`
+	@rm -f `ls -1tr ${PACKAGE}*gz | tail -n1`
+	@rm -rf ${PACKAGE}.Rcheck
+
+clean:
 	@rm -f `ls -1tr ${PACKAGE}*gz | tail -n1`
 	@rm -rf ${PACKAGE}.Rcheck
 

diff --git a/NAMESPACE b/NAMESPACE
@@ -1,18 +1,83 @@
 # Generated by roxygen2: do not edit by hand
 
-S3method(print,rls_policy)
+S3method(as_con,PqConnection)
+S3method(as_con,privilege)
+S3method(as_con,row_policy)
+S3method(as_priv,privilege)
+S3method(as_priv,tbl_sql)
+S3method(as_row_policy,row_policy)
+S3method(as_row_policy,tbl_sql)
+S3method(print,privilege)
+S3method(print,row_policy)
+export("%>%")
+export(as_priv)
+export(as_row_policy)
+export(auto_pipe)
+export(commands)
+export(from)
+export(grant)
 export(has_postgres)
+export(restrictive)
+export(revoke)
 export(rls_check_status)
-export(rls_construct_policy)
-export(rls_create_policy)
+export(rls_col_policy)
+export(rls_column_privileges)
+export(rls_current_user)
 export(rls_disable)
+export(rls_drop_policies)
 export(rls_drop_policy)
 export(rls_enable)
+export(rls_list_roles)
+export(rls_perform)
+export(rls_permissions)
 export(rls_policies)
+export(rls_policy_exists)
+export(rls_privileges)
+export(rls_role_exists)
+export(rls_table_privileges)
+export(rls_tbl)
+export(row_policy)
+export(rows_existing)
+export(rows_new)
+export(setup_example_table)
+export(to)
+export(translate_privilege)
+export(translate_row_policy)
+export(with_db_user)
+import(dbplyr)
 importFrom(DBI,dbExecute)
+importFrom(DBI,dbExistsTable)
 importFrom(DBI,dbGetQuery)
+importFrom(DBI,dbRemoveTable)
 importFrom(RPostgres,Postgres)
+importFrom(cli,ansi_collapse)
+importFrom(cli,cat_line)
+importFrom(cli,cli_abort)
+importFrom(cli,format_error)
+importFrom(dbplyr,copy_inline)
+importFrom(dbplyr,sql)
+importFrom(dbplyr,translate_sql)
+importFrom(dplyr,"%>%")
+importFrom(dplyr,bind_rows)
+importFrom(dplyr,filter)
+importFrom(dplyr,pull)
+importFrom(dplyr,rows_append)
+importFrom(dplyr,tbl)
 importFrom(glue,glue)
 importFrom(glue,glue_safe)
+importFrom(magrittr,"%>%")
+importFrom(rlang,abort)
+importFrom(rlang,as_name)
+importFrom(rlang,caller_arg)
+importFrom(rlang,caller_env)
+importFrom(rlang,enquo)
+importFrom(rlang,enquos)
+importFrom(rlang,has_length)
+importFrom(rlang,is_character)
 importFrom(rlang,is_empty)
+importFrom(rlang,is_scalar_character)
+importFrom(rlang,quo_is_null)
 importFrom(tibble,as_tibble)
+importFrom(tibble,tibble)
+importFrom(tibble,tribble)
+importFrom(withr,defer)
diff --git a/R/as_con.R b/R/as_con.R
@@ -0,0 +1,18 @@
+#' As connection
+#' @keywords internal
+#' @return an S3 class object
+as_con <- function(x) {
+  UseMethod("as_con")
+}
+#' @export
+as_con.row_policy <- function(x) {
+  return(x$data$src$con)
+}
+#' @export
+as_con.privilege <- function(x) {
+  return(x$data$src$con)
+}
+#' @export
+as_con.PqConnection <- function(x) {
+  return(x)
+}
diff --git a/R/as_priv.R b/R/as_priv.R
@@ -0,0 +1,39 @@
+#' As privilege
+#' @param x some input
+#' @export
+#' @return an object of S3 class "privilege"
+as_priv <- function(x) {
+  UseMethod("as_priv")
+}
+#' @export
+as_priv.privilege <- function(x) {
+  return(x)
+}
+#' @export
+as_priv.tbl_sql <- function(x) {
+  tmp <- list(
+    data = x,
+    user = NULL,
+    privilege = list(),
+    type = NULL
+  )
+  structure(tmp, class = "privilege")
+}
+#' @export
+#' @importFrom cli cat_line
+print.privilege <- function(x, ...) {
+  cat_line("<privilege>")
+  if (!is_really_empty(x$user)) cat_me("user", x$user)
+  if (!is_really_empty(x$privilege)) {
+    cat_me("type", x$type)
+    for (i in x$privilege) {
+      cat_me(x = i$commands, y = i$cols %|||% "<all cols>", indent = "    ")
+    }
+  }
+  print(x$data)
+}
+
+cat_me <- function(x, y, indent = "  ") {
+  y <- paste0(y, collapse = ", ")
+  cat_line(glue("{indent}{x}: {y}", .trim = FALSE))
+}
diff --git a/R/as_row_policy.R b/R/as_row_policy.R
@@ -0,0 +1,49 @@
+#' As row policy
+#' @param x some input
+#' @export
+#' @return an object of S3 class "row_policy"
+as_row_policy <- function(x) {
+  UseMethod("as_row_policy")
+}
+#' @export
+as_row_policy.row_policy <- function(x) {
+  return(x)
+}
+#' @export
+as_row_policy.tbl_sql <- function(x) {
+  tmp <- list(
+    data = x,
+    name = NULL,
+    as = NULL,
+    commands = NULL,
+    user = NULL,
+    existing_rows = NULL,
+    new_rows = NULL,
+    type = NULL
+  )
+  structure(tmp, class = "row_policy")
+}
+#' @export
+print.row_policy <- function(x, ...) {
+  cat_line(glue("<row_policy> {x$name}"))
+  cat_me("as", x$as %||% "PERMISSIVE")
+  if (!is_really_empty(x$user)) {
+    cat_me("user", x$user)
+  }
+  if (!is_really_empty(x$commands)) {
+    cat_me("commands", x$commands)
+  }
+  if (!is_really_empty(x$existing_rows)) {
+    cat_me("existing rows", x$existing_rows)
+  }
+  if (!is_really_empty(x$new_rows)) {
+    cat_me("new rows", x$new_rows)
+  }
+  if (!is_really_empty(x$privilege)) {
+    cat_me("type", x$type)
+    for (i in x$privilege) {
+      cat_me(x = i$commands, y = i$cols %|||% "<all cols>", indent = "    ")
+    }
+  }
+  print(x$data)
+}
diff --git a/R/drop.R b/R/drop.R
@@ -1,34 +1,43 @@
-#' Drop a row level security policy
+#' Drop row level security policies
 #'
 #' @export
 #' @importFrom glue glue
 #' @importFrom DBI dbExecute
-#' @inheritParams rls_create_policy
+#' @param con a DBI database connection object
+#' @param policy (list) a policy derived from running [row_policy()] and
+#' friends
 #' @param name (character) a policy name. optional
 #' @param table (character) a table name. optional
 #' @details If `policy` is supplied, `name` and `table` are not required. If
 #' `policy` is not supplied, `name` and `table` need to be supplied.
-#' @return a scalar numeric that specifies the number of rows affected
-#' by the statement, invisibly
+#' @return For `rls_drop_policy`, a scalar numeric that specifies the number
+#' of rows affected by the statement, invisibly. For `rls_drop_policies`,
+#' return `NULL` invisibly
 #' @references <https://www.postgresql.org/docs/current/sql-droppolicy.html>
-#' @examplesIf interactive() && has_postgres()
+#' @details `rls_drop_policy` drops a single policy, and `rls_drop_policies`
+#' drops all policies in the database defined by the `con`
+#' @examplesIf has_postgres()
 #' library(DBI)
 #' library(RPostgres)
 #' con <- dbConnect(Postgres())
 #'
-#' dbCreateTable(con, "atable", mtcars)
+#' dbWriteTable(con, "atable", mtcars, overwrite = TRUE)
+#'
+#' policy1 <- rls_tbl(con, "atable") %>%
+#'   row_policy("hide_confidential") %>%
+#'   rows_existing(TRUE)
+#' rls_perform(policy1)
 #'
-#' policy1 <- rls_construct_policy(
-#'   name = "hide_confidential",
-#'   on = "atable",
-#'   using = "(true)"
-#' )
-#' policy1
-#' rls_create_policy(con, policy1)
 #' rls_policies(con)
 #' rls_drop_policy(con, policy1)
 #' rls_policies(con)
 #'
+#' rls_perform(policy1)
+#' rls_policies(con)
+#' rls_drop_policies(con)
+#' rls_policies(con)
+#'
+#' dbRemoveTable(con, "atable")
 #' dbDisconnect(con)
 rls_drop_policy <- function(con, policy = NULL, name = NULL, table = NULL) {
   is_conn(con)
@@ -38,11 +47,26 @@ rls_drop_policy <- function(con, policy = NULL, name = NULL, table = NULL) {
   )
   if (!is.null(policy)) {
     name <- policy$name
-    table <- policy$table
+    table <- attr(policy$data, "table")
   } else {
-    if (is.null(name) && is.null(table)) {
-      rlang::abort("if `policy` is NULL, name & table must be non-NULL")
+    if (is.null(name) || is.null(table)) {
+      rlang::abort("if `policy` is NULL, `name` & `table` must be non-NULL")
     }
   }
   invisible(dbExecute(con, glue("{drop_statement} POLICY {name} ON {table}")))
 }
+
+#' @export
+#' @rdname rls_drop_policy
+rls_drop_policies <- function(con) {
+  pols <- rls_policies(con)
+  if (NROW(pols) == 0) return(invisible())
+  for (i in seq_len(NROW(pols))) {
+    invisible(
+      rls_drop_policy(con,
+        name = pols$policyname[i],
+        table = pols$tablename[i]
+      )
+    )
+  }
+}
diff --git a/R/enable.R b/R/enable.R
@@ -12,7 +12,7 @@
 #' library(RPostgres)
 #' con <- dbConnect(Postgres())
 #' dbListTables(con)
-#' dbWriteTable(con, "mtcars", mtcars, temporary = TRUE)
+#' dbWriteTable(con, "mtcars", mtcars, overwrite = TRUE)
 #' rls_enable(con, table = "mtcars")
 #' rls_check_status(con, "mtcars")
 #' rls_disable(con, table = "mtcars")