diff --git a/docs/reference/sql_adapter.rst b/docs/reference/sql_adapter.rst index cae783a1574..a10960a466e 100644 --- a/docs/reference/sql_adapter.rst +++ b/docs/reference/sql_adapter.rst @@ -308,7 +308,7 @@ construct is mapped to PostgreSQL schema: SET "global default::username" TO 'Tom'``. - Access policies are applied to object type tables when setting - ``apply_access_policies_sql`` is set to ``true``. + ``apply_access_policies_pg`` is set to ``true``. - Mutation rewrites and triggers are applied to all DML commands. @@ -342,10 +342,10 @@ SQL adapter supports a limited subset of PostgreSQL connection settings. There are the following additionally connection settings: - ``allow_user_specified_id`` (default ``false``), -- ``apply_access_policies_sql`` (default ``false``), +- ``apply_access_policies_pg`` (default ``false``), - settings prefixed with ``"global "`` can use used to set values of globals. -Note that if ``allow_user_specified_id`` or ``apply_access_policies_sql`` are +Note that if ``allow_user_specified_id`` or ``apply_access_policies_pg`` are unset, they default to configuration set by ``configure current database`` EdgeQL command. diff --git a/docs/stdlib/cfg.rst b/docs/stdlib/cfg.rst index 3e3a37d8430..a0fc12e5133 100644 --- a/docs/stdlib/cfg.rst +++ b/docs/stdlib/cfg.rst @@ -159,7 +159,7 @@ Query behavior UI session, so you won't have to remember to re-enable it when you're done. -:eql:synopsis:`apply_access_policies_sql -> bool` +:eql:synopsis:`apply_access_policies_pg -> bool` Determines whether access policies should be applied when running queries over SQL adapter. Defaults to ``false``. diff --git a/edb/lib/cfg.edgeql b/edb/lib/cfg.edgeql index 6a586e666d6..9b2d672c626 100644 --- a/edb/lib/cfg.edgeql +++ b/edb/lib/cfg.edgeql @@ -261,7 +261,7 @@ ALTER TYPE cfg::AbstractConfig { 'Whether access policies will be applied when running queries.'; }; - CREATE PROPERTY apply_access_policies_sql -> std::bool { + CREATE PROPERTY apply_access_policies_pg -> std::bool { SET default := false; CREATE ANNOTATION cfg::affects_compilation := 'false'; CREATE ANNOTATION std::description := diff --git a/edb/server/compiler/compiler.py b/edb/server/compiler/compiler.py index 8591467ec14..448729ecd22 100644 --- a/edb/server/compiler/compiler.py +++ b/edb/server/compiler/compiler.py @@ -552,10 +552,10 @@ def compile_sql( if setting and setting.value: allow_user_specified_id = sql.is_setting_truthy(setting.value) - setting = database_config.get('apply_access_policies_sql', None) - apply_access_policies_sql = None + setting = database_config.get('apply_access_policies_pg', None) + apply_access_policies_pg = None if setting and setting.value: - apply_access_policies_sql = sql.is_setting_truthy(setting.value) + apply_access_policies_pg = sql.is_setting_truthy(setting.value) return sql.compile_sql( query_str, @@ -565,7 +565,7 @@ def compile_sql( current_database=current_database, current_user=current_user, allow_user_specified_id=allow_user_specified_id, - apply_access_policies_sql=apply_access_policies_sql, + apply_access_policies=apply_access_policies_pg, disambiguate_column_names=False, backend_runtime_params=self.state.backend_runtime_params, protocol_version=defines.POSTGRES_PROTOCOL, @@ -2516,7 +2516,7 @@ def compile_sql_as_unit_group( current_database=ctx.branch_name or "", current_user=ctx.role_name or "", allow_user_specified_id=allow_user_specified_id, - apply_access_policies_sql=apply_access_policies, + apply_access_policies=apply_access_policies, include_edgeql_io_format_alternative=True, allow_prepared_statements=False, disambiguate_column_names=True, diff --git a/edb/server/compiler/sql.py b/edb/server/compiler/sql.py index a0637ab9071..bbff8d35dd5 100644 --- a/edb/server/compiler/sql.py +++ b/edb/server/compiler/sql.py @@ -50,7 +50,7 @@ { 'search_path': True, 'allow_user_specified_id': True, - 'apply_access_policies_sql': True, + 'apply_access_policies_pg': True, 'server_version': False, 'server_version_num': False, } @@ -66,7 +66,7 @@ def compile_sql( current_database: str, current_user: str, allow_user_specified_id: Optional[bool], - apply_access_policies_sql: Optional[bool], + apply_access_policies: Optional[bool], include_edgeql_io_format_alternative: bool = False, allow_prepared_statements: bool = True, disambiguate_column_names: bool, @@ -78,7 +78,7 @@ def compile_sql( current_database=current_database, current_user=current_user, allow_user_specified_id=allow_user_specified_id, - apply_access_policies_sql=apply_access_policies_sql, + apply_access_policies=apply_access_policies, include_edgeql_io_format_alternative=( include_edgeql_io_format_alternative ), @@ -329,10 +329,10 @@ def compile_sql( 'allow_user_specified_id', ('true' if allow_user_specified_id else 'false',), ) - if apply_access_policies_sql is not None: + if apply_access_policies is not None: cconfig.setdefault( - 'apply_access_policies_sql', - ('true' if apply_access_policies_sql else 'false',), + 'apply_access_policies', + ('true' if apply_access_policies else 'false',), ) search_path = parse_search_path(cconfig.pop("search_path", ("",))) cconfig = dict(sorted((k, v) for k, v in cconfig.items())) @@ -389,7 +389,7 @@ class ResolverOptionsPartial: current_database: str query_str: str allow_user_specified_id: Optional[bool] - apply_access_policies_sql: Optional[bool] + apply_access_policies: Optional[bool] include_edgeql_io_format_alternative: Optional[bool] disambiguate_column_names: bool @@ -422,10 +422,10 @@ def resolve_query( allow_user_specified_id = False apply_access_policies = lookup_bool_setting( - tx_state, 'apply_access_policies_sql' + tx_state, 'apply_access_policies_pg' ) if apply_access_policies is None: - apply_access_policies = opts.apply_access_policies_sql + apply_access_policies = opts.apply_access_policies if apply_access_policies is None: apply_access_policies = False diff --git a/tests/test_server_ops.py b/tests/test_server_ops.py index 843f70f0507..49dcf9cf0b5 100644 --- a/tests/test_server_ops.py +++ b/tests/test_server_ops.py @@ -860,7 +860,8 @@ def measure_sql_compilations( await scon.execute('select 1') # compiler call, because config was changed - await scon.execute('SET apply_access_policies_sql to 1') + await scon.execute('SET apply_access_policies_pg to 1') + with self.assertChange(measure_sql_compilations(sd), 1): await scon.execute('select 1') finally: diff --git a/tests/test_sql_query.py b/tests/test_sql_query.py index 6dc34cf85e2..a4d8221ca1d 100644 --- a/tests/test_sql_query.py +++ b/tests/test_sql_query.py @@ -623,7 +623,7 @@ async def test_sql_query_33a(self): # system columns when access policies are applied tran = self.scon.transaction() await tran.start() - await self.scon.execute('SET LOCAL apply_access_policies_sql TO true') + await self.scon.execute('SET LOCAL apply_access_policies_pg TO true') await self.scon.execute( """SET LOCAL "global default::filter_title" TO 'Halo 3'""" ) @@ -1353,7 +1353,7 @@ async def test_sql_query_set_03(self): self.assertEqual(res, [["public"]]) async def test_sql_query_set_04(self): - # database settings allow_user_specified_ids & apply_access_policies_sql + # database settings allow_user_specified_ids & apply_access_policies_pg # should be unified over EdgeQL and SQL adapter async def set_current_database(val: Optional[bool]): @@ -1361,14 +1361,14 @@ async def set_current_database(val: Optional[bool]): await self.con.execute( f''' configure current database - reset apply_access_policies_sql; + reset apply_access_policies_pg; ''' ) else: await self.con.execute( f''' configure current database - set apply_access_policies_sql := {str(val).lower()}; + set apply_access_policies_pg := {str(val).lower()}; ''' ) @@ -1376,13 +1376,13 @@ async def set_sql(val: Optional[bool]): if val is None: await self.scon.execute( f''' - RESET apply_access_policies_sql; + RESET apply_access_policies_pg; ''' ) else: await self.scon.execute( f''' - SET apply_access_policies_sql TO '{str(val).lower()}'; + SET apply_access_policies_pg TO '{str(val).lower()}'; ''' ) @@ -2150,7 +2150,7 @@ async def test_sql_query_access_policy_01(self): ], ) - await self.scon.execute('SET LOCAL apply_access_policies_sql TO true') + await self.scon.execute('SET LOCAL apply_access_policies_pg TO true') # access policies applied res = await self.squery_values( @@ -2179,7 +2179,7 @@ async def test_sql_query_access_policy_02(self): res = await self.squery_values('SELECT x FROM "ContentSummary"') self.assertEqual(res, [[5]]) - await self.scon.execute('SET LOCAL apply_access_policies_sql TO true') + await self.scon.execute('SET LOCAL apply_access_policies_pg TO true') # access policies applied res = await self.squery_values('SELECT x FROM "ContentSummary"') @@ -2202,7 +2202,7 @@ async def test_sql_query_access_policy_03(self): # allowed without applying access policies - await self.scon.execute('SET LOCAL apply_access_policies_sql TO true') + await self.scon.execute('SET LOCAL apply_access_policies_pg TO true') # allowed when filter_title == 'summary' await self.scon.execute( @@ -2233,7 +2233,7 @@ async def test_sql_query_access_policy_04(self): res = await self.squery_values('SELECT * FROM ONLY "Content"') self.assertEqual(len(res), 1) - await self.scon.execute('SET LOCAL apply_access_policies_sql TO true') + await self.scon.execute('SET LOCAL apply_access_policies_pg TO true') await self.scon.execute( """SET LOCAL "global default::filter_title" TO 'Halo 3'""" @@ -2313,7 +2313,7 @@ async def test_sql_query_locking_01(self): "locking clause not supported", ): await self.scon.execute( - 'SET LOCAL apply_access_policies_sql TO TRUE' + 'SET LOCAL apply_access_policies_pg TO TRUE' ) await self.squery_values( '''