Merge pull request #5 from DanCardin/dc/schema-grants

Author: DanCardin

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "sqlalchemy-declarative-extensions"
-version = "0.2.1"
+version = "0.2.2"
 description = "Library to declare additional kinds of objects not natively supported by SqlAlchemy/Alembic."
 
 authors = ["Dan Cardin <ddcardin@gmail.com>"]

src/sqlalchemy_declarative_extensions/alembic/row.py

@@ -21,7 +21,9 @@
 
 @comparators.dispatch_for("schema")
 def compare_rows(autogen_context: AutogenContext, upgrade_ops: UpgradeOps, _):
-    if autogen_context.metadata is None or autogen_context.connection is None:
+    if (
+        autogen_context.metadata is None or autogen_context.connection is None
+    ):  # pragma: no cover
         return
 
     rows: Optional[Rows] = autogen_context.metadata.info.get("rows")

src/sqlalchemy_declarative_extensions/api.py

@@ -5,6 +5,7 @@
 from sqlalchemy import event
 from sqlalchemy.orm import DeclarativeMeta
 from sqlalchemy.sql.schema import MetaData
+from typing_extensions import Protocol
 
 from sqlalchemy_declarative_extensions.grant.base import Grants
 from sqlalchemy_declarative_extensions.role.base import Roles
@@ -115,8 +116,12 @@ def declare_database(
     metadata.info["rows"] = Rows.coerce_from_unknown(rows)
 
 
+class HasMetaData(Protocol):
+    metadata: MetaData
+
+
 def register_sqlalchemy_events(
-    maybe_metadata: MetaData | DeclarativeMeta,
+    maybe_metadata: Union[MetaData, HasMetaData],
     schemas=False,
     roles=False,
     grants=False,

src/sqlalchemy_declarative_extensions/compat.py

@@ -24,6 +24,4 @@ def from_string(
             return string
 
     def __lt__(self, other):
-        if isinstance(other, self.__class__):
-            return self.value < other.value
-        return self.value < other
+        return self.value < other.value

src/sqlalchemy_declarative_extensions/dialects/from_string.py

@@ -156,7 +156,7 @@ class SchemaGrants(GrantOptions):
     def acl_symbols(cls):
         return {
             cls.create: "C",
-            cls.usage: "C",
+            cls.usage: "U",
         }
 
 
@@ -218,12 +218,6 @@ def _str_to_kind(cls):
     def from_relkind(cls, relkind: str):
         return cls._str_to_kind()[relkind]
 
-    def to_relkind(self) -> str:
-        for k, v in self._str_to_kind().items():
-            if v == self:
-                return k
-        raise NotImplementedError()  # pragma: nocover
-
     def to_variants(self):
         return {
             self.database: DatabaseGrants,
@@ -255,12 +249,6 @@ def _str_to_kind(cls):
     def from_relkind(cls, relkind: str):
         return cls._str_to_kind()[relkind]
 
-    def to_relkind(self) -> str:
-        for k, v in self._str_to_kind().items():
-            if v == self:
-                return k
-        raise NotImplementedError()  # pragma: nocover
-
     def to_variants(self):
         return {
             self.table: TableGrants,

src/sqlalchemy_declarative_extensions/dialects/postgresql/grant_type.py

@@ -62,6 +62,7 @@ def get_default_grants_postgresql(
             for default_grant in default_grants:
                 if roles is None or default_grant.grant.target_role in roles:
                     result.append(default_grant)
+
     return result
 
 
@@ -89,6 +90,7 @@ def get_grants_postgresql(
             for grant in grants:
                 if roles is None or grant.grant.target_role in roles:
                     result.append(grant)
+
     return result
 
 
@@ -104,6 +106,6 @@ def get_roles_postgresql(connection: Connection, exclude=None):
 
 
 def qualify_name(schema, name):
-    if schema == "public":
+    if not schema or schema == "public":
         return name
     return f"{schema}.{name}"

src/sqlalchemy_declarative_extensions/dialects/postgresql/query.py

@@ -47,7 +47,7 @@ def from_pg_role(cls, r) -> Role:
 
     @classmethod
     def from_unknown_role(cls, r: Union[generic.Role, Role]) -> Role:
-        if isinstance(r, generic.Role):
+        if not isinstance(r, Role):
             return Role(r.name, in_roles=r.in_roles)
 
         return r

src/sqlalchemy_declarative_extensions/dialects/postgresql/role.py

@@ -1,4 +1,4 @@
-from sqlalchemy import column, select, String, table, text
+from sqlalchemy import and_, column, literal, select, String, table, text, union
 from sqlalchemy.dialects.postgresql import ARRAY
 
 pg_class = table(
@@ -15,6 +15,8 @@
     "pg_namespace",
     column("oid"),
     column("nspname"),
+    column("nspowner"),
+    column("nspacl"),
 )
 
 pg_roles = table(
@@ -55,10 +57,15 @@
         """
 )
 
+_schema_not_pg = and_(
+    pg_namespace.c.nspname != "information_schema",
+    pg_namespace.c.nspname.not_like("pg_%"),
+)
+_schema_not_public = pg_namespace.c.nspname != "public"
+_table_not_pg = pg_class.c.relname.not_like("pg_%")
+
 schemas_query = (
-    select(pg_namespace.c.nspname)
-    .where(pg_namespace.c.nspname.not_in(["information_schema", "public"]))
-    .where(pg_namespace.c.nspname.not_like("pg_%"))
+    select(pg_namespace.c.nspname).where(_schema_not_pg).where(_schema_not_public)
 )
 
 
@@ -78,7 +85,7 @@
     )
 )
 
-object_acl_query = (
+object_acl_query = union(
     select(
         pg_namespace.c.nspname.label("schema"),
         pg_class.c.relname.label("name"),
@@ -92,8 +99,20 @@
         )
     )
     .where(pg_class.c.relkind.in_(["r", "S", "f", "n", "T"]))
-    .where(pg_class.c.relname.not_like("pg_%"))
-    .where(pg_namespace.c.nspname != "information_schema")
+    .where(_table_not_pg)
+    .where(_schema_not_pg),
+    select(
+        literal(None).label("schema"),
+        pg_namespace.c.nspname.label("name"),
+        literal("n").label("relkind"),
+        pg_authid.c.rolname.label("owner"),
+        pg_namespace.c.nspacl.cast(ARRAY(String)),
+    )
+    .select_from(
+        pg_namespace.join(pg_authid, pg_namespace.c.nspowner == pg_authid.c.oid)
+    )
+    .where(_schema_not_pg)
+    .where(_schema_not_public),
 )
 
 objects_query = (
@@ -106,6 +125,6 @@
         pg_class.join(pg_namespace, pg_class.c.relnamespace == pg_namespace.c.oid)
     )
     .where(pg_class.c.relkind.in_(["r", "S", "f", "n", "T"]))
-    .where(pg_class.c.relname.not_like("pg_%"))
-    .where(pg_namespace.c.nspname != "information_schema")
+    .where(_table_not_pg)
+    .where(_schema_not_pg)
 )

src/sqlalchemy_declarative_extensions/dialects/postgresql/schema.py

@@ -10,10 +10,6 @@
 
 def grant_ddl(grants: Grants, after: bool):
     def receive_event(metadata: MetaData, connection: Connection, **_):
-        grants: Optional[Grants] = metadata.info.get("grants")
-        if not grants:
-            return
-
         roles: Optional[Roles] = metadata.info.get("roles")
         result = compare_grants(connection, grants, roles=roles)
         for op in result: