Fix authorization check for CrudCode (#431)

* Fix authorization check for CrudCode Make all mutating SQL operations require the caller to be the database owner. * Add auth check tests + ensure all tables in a join are considered
clockworklabs · Oct 16, 2023 · 41f9fac · 41f9fac
1 parent 6715b4c
commit 41f9fac
Show file tree

Hide file tree

Showing 4 changed files with 274 additions and 59 deletions.
diff --git a/crates/lib/src/error.rs b/crates/lib/src/error.rs
@@ -112,6 +112,8 @@ pub enum AuthError {
     IndexPrivate { named: String },
     #[error("Sequence `{named}` is private")]
     SequencePrivate { named: String },
+    #[error("Only the database owner can perform the requested operation")]
+    OwnerRequired,
 }
 
 #[derive(thiserror::Error, Debug)]

diff --git a/crates/lib/src/identity.rs b/crates/lib/src/identity.rs
@@ -36,7 +36,7 @@ impl Identity {
     const ABBREVIATION_LEN: usize = 16;
 
     /// Returns an `Identity` defined as the given `bytes` byte array.
-    pub fn from_byte_array(bytes: [u8; 32]) -> Self {
+    pub const fn from_byte_array(bytes: [u8; 32]) -> Self {
         Self {
             __identity_bytes: bytes,
         }

diff --git a/crates/lib/src/relation.rs b/crates/lib/src/relation.rs
@@ -602,7 +602,7 @@ impl Relation for DbTable {
     }
 }
 
-#[derive(Debug, Clone, Eq, PartialEq)]
+#[derive(Debug, Clone, Eq, PartialEq, From)]
 pub enum Table {
     MemTable(MemTable),
     DbTable(DbTable),