Update generator

Emyrk · Emyrk · commit a8a63d45db7e · 2023-10-17T18:27:38.000-05:00
diff --git a/coderd/database/spice/policy/playground/export.go b/coderd/database/spice/policy/playground/export.go
@@ -7,21 +7,28 @@ import (
 	"github.com/coder/coder/v2/coderd/database/spice/policy"
 )
 
+type AssertStruct struct {
+	True  []string `yaml:"assertTrue"`
+	False []string `yaml:"assertFalse"`
+}
+
 type PlaygroundYAML struct {
-	Schema        string `yaml:"schema"`
-	Relationships string `yaml:"relationships"`
-	Assertions    struct {
-		True  []string `yaml:"assertTrue"`
-		False []string `yaml:"assertFalse"`
-	} `yaml:"assertions"`
-	Validation map[string][]string `yaml:"validation"`
+	Schema        string              `yaml:"schema"`
+	Relationships string              `yaml:"relationships"`
+	Assertions    AssertStruct        `yaml:"assertions"`
+	Validation    map[string][]string `yaml:"validation"`
 }
 
 func PlaygroundExport() string {
 	relationships.GenerateRelationships()
 	y := PlaygroundYAML{
 		Schema:        policy.Schema,
 		Relationships: relationships.AllRelationsToStrings(),
+		Assertions: AssertStruct{
+			True:  relationships.AllAssertTrue(),
+			False: relationships.AllAssertFalse(),
+		},
+		Validation: relationships.AllValidations(),
 	}
 	out, err := yaml.Marshal(y)
 	if err != nil {
diff --git a/coderd/database/spice/policy/playground/relationships/generate.sh b/coderd/database/spice/policy/playground/relationships/generate.sh
@@ -0,0 +1 @@
+go run ./generate/main.go > objects_tmp.go && mv objects_tmp.go objects.go
diff --git a/coderd/database/spice/policy/playground/relationships/generate/main.go b/coderd/database/spice/policy/playground/relationships/generate/main.go
@@ -37,6 +37,7 @@ func Generate() string {
 
 	tpl := template.New("zanzobjects").Funcs(template.FuncMap{
 		"capitalize": capitalize,
+		"unique":     uniquePermissions,
 	})
 
 	tpl, err = tpl.Parse(templateText)
@@ -45,6 +46,8 @@ func Generate() string {
 	}
 
 	var output strings.Builder
+	output.WriteString(`// Code generated. DO NOT EDIT.`)
+	output.WriteString("\n")
 	output.WriteString(`package relationships`)
 	output.WriteString("\n")
 	output.WriteString(`import v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"`)
@@ -62,6 +65,7 @@ func Generate() string {
 
 	formatted, err := format.Source([]byte(output.String()))
 	if err != nil {
+		fmt.Println(output.String())
 		panic(err)
 	}
 	return string(formatted)
@@ -71,9 +75,15 @@ type objectDefinition struct {
 	// The core type
 	*core.NamespaceDefinition
 
+	Permissions     []objectPermission
 	DirectRelations []objectDirectRelation
 }
 
+type objectPermission struct {
+	Permission   string
+	FunctionName string
+}
+
 type objectDirectRelation struct {
 	RelationName string
 	FunctionName string
@@ -85,14 +95,15 @@ func newDef(obj *core.NamespaceDefinition) objectDefinition {
 		NamespaceDefinition: obj,
 	}
 	rels := make([]objectDirectRelation, 0)
-
-	//if obj.Name == "group" {
-	//	fmt.Println("")
-	//}
+	perms := make([]objectPermission, 0)
 
 	for _, r := range obj.Relation {
 		if r.UsersetRewrite != nil {
 			// This is a permission.
+			perms = append(perms, objectPermission{
+				Permission:   r.Name,
+				FunctionName: capitalize(r.Name),
+			})
 			continue
 		}
 
@@ -144,5 +155,20 @@ func newDef(obj *core.NamespaceDefinition) objectDefinition {
 		rels = append(rels, multipleSubjects...)
 	}
 	d.DirectRelations = rels
+	d.Permissions = perms
 	return d
 }
+
+func uniquePermissions(perms []objectPermission) []objectPermission {
+	seen := make(map[string]struct{})
+	out := make([]objectPermission, 0)
+	for _, perm := range perms {
+		perm := perm
+		if _, ok := seen[perm.Permission]; ok {
+			continue
+		}
+		seen[perm.Permission] = struct{}{}
+		out = append(out, perm)
+	}
+	return out
+}
diff --git a/coderd/database/spice/policy/playground/relationships/generate/relationships.tmpl b/coderd/database/spice/policy/playground/relationships/generate/relationships.tmpl
@@ -20,11 +20,15 @@ func (obj *Obj{{ capitalize $outerName }}) Type() string {
 	return "{{ .Name }}"
 }
 
+func (obj *Obj{{ capitalize $outerName }}) Object() *v1.ObjectReference {
+	return obj.Obj
+}
+
 
 {{ range $index, $element := .DirectRelations }}
 {{ if eq $element.Subject.Object.ObjectId "*" }}
 func (obj *Obj{{ capitalize $outerName }}) {{ capitalize $element.RelationName }}Wildcard() *Obj{{ capitalize $outerName }}{
-	obj.Add(v1.Relationship{
+	obj.AddRelation(v1.Relationship{
 		Resource: obj.Obj,
 		Relation: "{{ $element.RelationName }}",
 		Subject: &v1.SubjectReference{
@@ -44,7 +48,7 @@ func (obj *Obj{{ capitalize $outerName }}) {{ capitalize $element.RelationName }
 func (obj *Obj{{ capitalize $outerName }}) {{ capitalize $element.FunctionName }}(subs ...*Obj{{ capitalize $element.Subject.Object.ObjectType }}) *Obj{{ capitalize $outerName }}{
 	for i := range subs {
 		sub := subs[i]
-		obj.Add(v1.Relationship{
+		obj.AddRelation(v1.Relationship{
 			Resource: obj.Obj,
 			Relation: "{{ $element.RelationName }}",
 			Subject: &v1.SubjectReference{
@@ -57,5 +61,52 @@ func (obj *Obj{{ capitalize $outerName }}) {{ capitalize $element.FunctionName }
 	return obj
 }
 {{ end }}
+{{ end }}
+
+
+{{ range $index, $element := unique .Permissions }}
+func (obj *Obj{{ capitalize $outerName }}) Validate{{ $element.FunctionName }}() *Obj{{ capitalize $outerName }} {
+	obj.AddValidation(v1.Relationship{
+		Resource: obj.Obj,
+		Relation: "{{ $element.Permission }}",
+		OptionalCaveat: nil,
+	})
+	return obj
+}
+{{ end }}
+
+
+{{ range $index, $element := .Permissions }}
+func (obj *Obj{{ capitalize $outerName }}) Can{{ capitalize $element.FunctionName }}By(subs ...ObjectWithRelationships) *Obj{{ capitalize $outerName }}{
+	for i := range subs {
+		sub := subs[i]
+		obj.AssertTrue(v1.Relationship{
+			Resource: obj.Obj,
+			Relation: "{{ $element.Permission }}",
+			Subject: &v1.SubjectReference{
+				Object:           sub.Object(),
+				OptionalRelation: "",
+			},
+			OptionalCaveat: nil,
+		})
+	}
+	return obj
+}
+
+func (obj *Obj{{ capitalize $outerName }}) Cannot{{ capitalize $element.FunctionName }}By(subs ...ObjectWithRelationships) *Obj{{ capitalize $outerName }}{
+	for i := range subs {
+		sub := subs[i]
+		obj.AssertFalse(v1.Relationship{
+			Resource: obj.Obj,
+			Relation: "{{ $element.Permission }}",
+			Subject: &v1.SubjectReference{
+				Object:           sub.Object(),
+				OptionalRelation: "",
+			},
+			OptionalCaveat: nil,
+		})
+	}
+	return obj
+}
 
 {{ end }}
diff --git a/coderd/database/spice/policy/playground/relationships/manualobjects.go b/coderd/database/spice/policy/playground/relationships/manualobjects.go
@@ -5,37 +5,116 @@ import (
 	"sort"
 	"strings"
 
+	core "github.com/authzed/spicedb/pkg/proto/core/v1"
+
 	v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
 	"github.com/authzed/spicedb/pkg/tuple"
 )
 
 func NewRelationships() *Relationships {
 	return &Relationships{
-		Relations: []v1.Relationship{},
+		Relations:   []v1.Relationship{},
+		True:        []v1.Relationship{},
+		False:       []v1.Relationship{},
+		Validations: []v1.Relationship{},
 	}
 }
 
 type Relationships struct {
-	Relations []v1.Relationship
+	Relations   []v1.Relationship
+	True        []v1.Relationship
+	False       []v1.Relationship
+	Validations []v1.Relationship
+}
+
+func (r *Relationships) AddValidation(relationship v1.Relationship) {
+	r.Validations = append(r.Validations, relationship)
 }
 
+// AddRelation adds the graph relation for the playground.
 func (r *Relationships) AddRelation(relationship v1.Relationship) {
 	r.Relations = append(r.Relations, relationship)
 }
 
-//func (r *Relationships)
+func (r *Relationships) AssertTrue(relationship v1.Relationship) {
+	r.True = append(r.True, relationship)
+}
+
+func (r *Relationships) AssertFalse(relationship v1.Relationship) {
+	r.False = append(r.False, relationship)
+}
 
 func (r Relationships) AllRelations() []v1.Relationship {
 	return r.Relations
 }
 
+func (r Relationships) AllFalse() []v1.Relationship {
+	return r.False
+}
+
+func (r Relationships) AllTrue() []v1.Relationship {
+	return r.True
+}
+
+func (r Relationships) AllValidations() []v1.Relationship {
+	return r.Validations
+}
+
 type ObjectWithRelationships interface {
 	AllRelations() []v1.Relationship
+	AllTrue() []v1.Relationship
+	AllFalse() []v1.Relationship
+	AllValidations() []v1.Relationship
 	Type() string
+	Object() *v1.ObjectReference
 }
 
 var allObjects []ObjectWithRelationships
 
+func AllAssertTrue() []string {
+	all := make([]string, 0)
+	for _, o := range allObjects {
+		for _, t := range o.AllTrue() {
+			rStr, err := tuple.StringRelationship(&t)
+			if err != nil {
+				panic(err)
+			}
+			all = append(all, rStr)
+		}
+	}
+	return all
+}
+
+func AllValidations() map[string][]string {
+	all := make(map[string][]string, 0)
+	for _, o := range allObjects {
+		for _, t := range o.AllValidations() {
+			rStr := tuple.StringONR(&core.ObjectAndRelation{
+				Namespace: t.Resource.ObjectType,
+				ObjectId:  t.Resource.ObjectId,
+				Relation:  t.Relation,
+			})
+
+			all[rStr] = []string{}
+		}
+	}
+	return all
+}
+
+func AllAssertFalse() []string {
+	all := make([]string, 0)
+	for _, o := range allObjects {
+		for _, t := range o.AllFalse() {
+			rStr, err := tuple.StringRelationship(&t)
+			if err != nil {
+				panic(err)
+			}
+			all = append(all, rStr)
+		}
+	}
+	return all
+}
+
 func AllRelationsToStrings() string {
 	// group all the objects
 	buckets := make(map[string][]ObjectWithRelationships)
diff --git a/coderd/database/spice/policy/playground/relationships/objects.go b/coderd/database/spice/policy/playground/relationships/objects.go
diff --git a/coderd/database/spice/policy/playground/relationships/relationships.go b/coderd/database/spice/policy/playground/relationships/relationships.go

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+go run ./generate/main.go > objects_tmp.go && mv objects_tmp.go objects.go`