feat(policy): implementing check function (#255)

* feat(policy): implementing `check` function

* addressing PR comments

Author: ymc9

packages/language/res/stdlib.zmodel

@@ -594,16 +594,6 @@ function datetime(field: String): Boolean {
 function url(field: String): Boolean {
 } @@@expressionContext([ValidationRule])
 
-/**
- * Checks if the current user can perform the given operation on the given field.
- *
- * @param field: The field to check access for
- * @param operation: The operation to check access for. Can be "read", "create", "update", or "delete". If the operation is not provided,
- * it defaults the operation of the containing policy rule.
- */
-function check(field: Any, operation: String?): Boolean {
-} @@@expressionContext([AccessPolicy])
-
 //////////////////////////////////////////////
 // End validation attributes and functions
 //////////////////////////////////////////////

packages/language/src/utils.ts

@@ -357,8 +357,9 @@ export function getFieldReference(expr: Expression): DataField | undefined {
     }
 }
 
+// TODO: move to policy plugin
 export function isCheckInvocation(node: AstNode) {
-    return isInvocationExpr(node) && node.function.ref?.name === 'check' && isFromStdlib(node.function.ref);
+    return isInvocationExpr(node) && node.function.ref?.name === 'check';
 }
 
 export function resolveTransitiveImports(documents: LangiumDocuments, model: Model) {

packages/language/src/validators/function-invocation-validator.ts

@@ -170,6 +170,7 @@ export default class FunctionInvocationValidator implements AstValidator<Express
         return true;
     }
 
+    // TODO: move this to policy plugin
     @func('check')
     // @ts-expect-error
     private _checkCheck(expr: InvocationExpr, accept: ValidationAcceptor) {

packages/runtime/src/client/contract.ts

@@ -213,6 +213,11 @@ export interface ClientConstructor {
  */
 export type CRUD = 'create' | 'read' | 'update' | 'delete';
 
+/**
+ * CRUD operations.
+ */
+export const CRUD = ['create', 'read', 'update', 'delete'] as const;
+
 //#region Model operations
 
 export type AllModelOperations<Schema extends SchemaDef, Model extends GetModels<Schema>> = {

packages/runtime/src/client/executor/kysely-utils.ts

@@ -17,8 +17,8 @@ import {
     type OperationNode,
 } from 'kysely';
 import type { FieldDef, ModelDef, SchemaDef } from '../../schema';
+import { extractFieldName, extractModelName, stripAlias } from '../kysely-utils';
 import { getModel, requireModel } from '../query-utils';
-import { stripAlias } from './kysely-utils';
 
 type Scope = {
     model?: string;
@@ -170,7 +170,7 @@ export class QueryNameMapper extends OperationNodeTransformer {
         const scopes: Scope[] = node.from.froms.map((node) => {
             const { alias, node: innerNode } = stripAlias(node);
             return {
-                model: this.extractModelName(innerNode),
+                model: extractModelName(innerNode),
                 alias,
                 namesMapped: false,
             };
@@ -219,8 +219,8 @@ export class QueryNameMapper extends OperationNodeTransformer {
                     selections.push(SelectionNode.create(transformed));
                 } else {
                     // otherwise use an alias to preserve the original field name
-                    const origFieldName = this.extractFieldName(selection.selection);
-                    const fieldName = this.extractFieldName(transformed);
+                    const origFieldName = extractFieldName(selection.selection);
+                    const fieldName = extractFieldName(transformed);
                     if (fieldName !== origFieldName) {
                         selections.push(
                             SelectionNode.create(
@@ -425,7 +425,7 @@ export class QueryNameMapper extends OperationNodeTransformer {
     private processSelection(node: AliasNode | ColumnNode | ReferenceNode) {
         let alias: string | undefined;
         if (!AliasNode.is(node)) {
-            alias = this.extractFieldName(node);
+            alias = extractFieldName(node);
         }
         const result = super.transformNode(node);
         return this.wrapAlias(result, alias ? IdentifierNode.create(alias) : undefined);
@@ -451,20 +451,5 @@ export class QueryNameMapper extends OperationNodeTransformer {
         });
     }
 
-    private extractModelName(node: OperationNode): string | undefined {
-        const { node: innerNode } = stripAlias(node);
-        return TableNode.is(innerNode!) ? innerNode!.table.identifier.name : undefined;
-    }
-
-    private extractFieldName(node: ReferenceNode | ColumnNode) {
-        if (ReferenceNode.is(node) && ColumnNode.is(node.column)) {
-            return node.column.column.name;
-        } else if (ColumnNode.is(node)) {
-            return node.column.name;
-        } else {
-            return undefined;
-        }
-    }
-
     // #endregion
 }

packages/runtime/src/client/executor/name-mapper.ts

@@ -26,8 +26,8 @@ import type { GetModels, SchemaDef } from '../../schema';
 import { type ClientImpl } from '../client-impl';
 import { TransactionIsolationLevel, type ClientContract } from '../contract';
 import { InternalError, QueryError } from '../errors';
+import { stripAlias } from '../kysely-utils';
 import type { AfterEntityMutationCallback, OnKyselyQueryCallback } from '../plugin';
-import { stripAlias } from './kysely-utils';
 import { QueryNameMapper } from './name-mapper';
 import type { ZenStackDriver } from './zenstack-driver';
 

packages/runtime/src/client/executor/zenstack-query-executor.ts

@@ -0,0 +1,33 @@
+import { type OperationNode, AliasNode, ColumnNode, ReferenceNode, TableNode } from 'kysely';
+
+/**
+ * Strips alias from the node if it exists.
+ */
+export function stripAlias(node: OperationNode) {
+    if (AliasNode.is(node)) {
+        return { alias: node.alias, node: node.node };
+    } else {
+        return { alias: undefined, node };
+    }
+}
+
+/**
+ * Extracts model name from an OperationNode.
+ */
+export function extractModelName(node: OperationNode) {
+    const { node: innerNode } = stripAlias(node);
+    return TableNode.is(innerNode!) ? innerNode!.table.identifier.name : undefined;
+}
+
+/**
+ * Extracts field name from an OperationNode.
+ */
+export function extractFieldName(node: OperationNode) {
+    if (ReferenceNode.is(node) && ColumnNode.is(node.column)) {
+        return node.column.column.name;
+    } else if (ColumnNode.is(node)) {
+        return node.column.name;
+    } else {
+        return undefined;
+    }
+}

packages/runtime/src/client/kysely-utils.ts

@@ -7,8 +7,29 @@ import type { RuntimePlugin } from './plugin';
 import type { ToKyselySchema } from './query-builder';
 
 export type ZModelFunctionContext<Schema extends SchemaDef> = {
+    /**
+     * ZenStack client instance
+     */
+    client: ClientContract<Schema>;
+
+    /**
+     * Database dialect
+     */
     dialect: BaseCrudDialect<Schema>;
+
+    /**
+     * The containing model name
+     */
     model: GetModels<Schema>;
+
+    /**
+     * The alias name that can be used to refer to the containing model
+     */
+    modelAlias: string;
+
+    /**
+     * The CRUD operation being performed
+     */
     operation: CRUD;
 };
 

packages/runtime/src/client/options.ts

@@ -3,6 +3,7 @@ import type { ClientContract } from '.';
 import type { GetModels, SchemaDef } from '../schema';
 import type { MaybePromise } from '../utils/type-utils';
 import type { AllCrudOperation } from './crud/operations/base';
+import type { ZModelFunction } from './options';
 
 /**
  * ZenStack runtime plugin.
@@ -23,6 +24,11 @@ export interface RuntimePlugin<Schema extends SchemaDef = SchemaDef> {
      */
     description?: string;
 
+    /**
+     * Custom function implementations.
+     */
+    functions?: Record<string, ZModelFunction<Schema>>;
+
     /**
      * Intercepts an ORM query.
      */