Skip to content

Commit 6458920

Browse files
authored
Merge pull request #2333 from terminusdb/bugfix/set-operators-for-non-admin-plus-checks
Fix set operators and other WOQL predicates for non-admin users
2 parents 8bb53b3 + 9c78210 commit 6458920

File tree

2 files changed

+68
-0
lines changed

2 files changed

+68
-0
lines changed

docs/RELEASE_NOTES.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,7 @@
1+
# TerminusDB Server v12.0.2 Release Notes
2+
## Bug fixes
3+
* New set operators also work for non-admin users
4+
15
# TerminusDB Server v12.0.1 Release Notes
26

37
## Enhancements

src/core/query/woql_compile.pl

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -981,6 +981,13 @@
981981
find_resources(P, Collection, DRG, DWG, Read, Write).
982982
find_resources(not(P), Collection, DRG, DWG, Read, Write) :-
983983
find_resources(P, Collection, DRG, DWG, Read, Write).
984+
find_resources(immediately(P), Collection, DRG, DWG, Read, Write) :-
985+
find_resources(P, Collection, DRG, DWG, Read, Write).
986+
find_resources(prefixes(_,P), Collection, DRG, DWG, Read, Write) :-
987+
find_resources(P, Collection, DRG, DWG, Read, Write).
988+
find_resources(with(_,_,P), Collection, DRG, DWG, Read, Write) :-
989+
find_resources(P, Collection, DRG, DWG, Read, Write).
990+
find_resources(call(_,_), _, _, _, [], []).
984991
find_resources(get(_,_,_), _, _, _, [], []).
985992
find_resources(typecast(_,_,_), _, _, _, [], []).
986993
find_resources(hash(_,_,_), _, _, _, [], []).
@@ -1014,6 +1021,15 @@
10141021
find_resources(timestamp_now(_),_, _, _, [], []).
10151022
find_resources(false,_, _, _, [], []).
10161023
find_resources(true,_, _, _, [], []).
1024+
find_resources(list_to_set(_,_),_, _, _, [], []).
1025+
find_resources(set_difference(_,_,_),_, _, _, [], []).
1026+
find_resources(set_intersection(_,_,_),_, _, _, [], []).
1027+
find_resources(set_union(_,_,_),_, _, _, [], []).
1028+
find_resources(set_member(_,_),_, _, _, [], []).
1029+
find_resources(addition(_,_,_), Collection, DRG, _DWG, [resource(Collection,DRG)], []).
1030+
find_resources(addition(_,_,_,_), Collection, DRG, _DWG, [resource(Collection,DRG)], []).
1031+
find_resources(removal(_,_,_), Collection, DRG, _DWG, [resource(Collection,DRG)], []).
1032+
find_resources(removal(_,_,_,_), Collection, DRG, _DWG, [resource(Collection,DRG)], []).
10171033

10181034
assert_pre_flight_access(Context, _AST) :-
10191035
is_super_user(Context.authorization, Context.prefixes),
@@ -6328,6 +6344,54 @@
63286344

63296345
:- end_tests(store_load_data).
63306346

6347+
:- begin_tests(predicate_coverage).
6348+
6349+
/**
6350+
* Test to automatically detect compile_wf predicates missing find_resources clauses
6351+
*
6352+
* This prevents the bug where new WOQL operations are added but find_resources
6353+
* is not updated, causing authorization failures for non-super-users.
6354+
*
6355+
* The test automatically introspects all compile_wf/4 clauses and verifies
6356+
* each has a corresponding find_resources/6 clause.
6357+
*/
6358+
6359+
test(all_compile_wf_predicates_have_find_resources, []) :-
6360+
% Get all unique compile_wf functors (compile_wf is a DCG, so it's /4 after expansion)
6361+
findall(Functor/Arity,
6362+
( clause(compile_wf(Head, _, _, _), _),
6363+
functor(Head, Functor, Arity)
6364+
),
6365+
AllCompileWf),
6366+
sort(AllCompileWf, CompileWfFunctors),
6367+
6368+
% Get all unique find_resources functors
6369+
findall(Functor/Arity,
6370+
( clause(find_resources(Head, _, _, _, _, _), _),
6371+
functor(Head, Functor, Arity)
6372+
),
6373+
AllFindResources),
6374+
sort(AllFindResources, FindResourcesFunctors),
6375+
6376+
% Find missing: in compile_wf but not in find_resources
6377+
findall(F/A,
6378+
( member(F/A, CompileWfFunctors),
6379+
\+ memberchk(F/A, FindResourcesFunctors)
6380+
),
6381+
Missing),
6382+
6383+
( Missing = []
6384+
-> true
6385+
; format(user_error,
6386+
'ERROR: The following compile_wf predicates are missing find_resources clauses:~n ~w~n',
6387+
[Missing]),
6388+
format(user_error,
6389+
'Add find_resources/6 clauses for these predicates to fix authorization for non-super-users.~n', []),
6390+
fail
6391+
).
6392+
6393+
:- end_tests(predicate_coverage).
6394+
63316395
:- begin_tests(preflight).
63326396
:- use_module(core(util/test_utils)).
63336397
:- use_module(core(api)).

0 commit comments

Comments
 (0)