fix: not all roles appearing

Author: soedirgo

src/api/roles.ts

@@ -40,31 +40,51 @@ router.post('/', async (req, res) => {
   try {
     const {
       name,
-      is_super_user = false,
-      has_create_db_privileges = false,
-      has_replication_privileges = false,
+      is_superuser = false,
+      can_create_db = false,
+      can_create_role = false,
+      inherit_role = true,
+      can_login = false,
+      is_replication_role = false,
       can_bypass_rls = false,
-      connections = -1,
+      connection_limit = -1,
+      password,
       valid_until,
+      member_of,
+      members,
+      admins,
     } = req.body as {
       name: string
-      is_super_user?: boolean
-      has_create_db_privileges?: boolean
-      has_replication_privileges?: boolean
+      is_superuser?: boolean
+      can_create_db?: boolean
+      can_create_role?: boolean
+      inherit_role?: boolean
+      can_login?: boolean
+      is_replication_role?: boolean
       can_bypass_rls?: boolean
-      connections?: number
+      connection_limit?: number
+      password?: string
       valid_until?: string
+      member_of?: string[]
+      members?: string[]
+      admins?: string[]
     }
     const sql = `
 CREATE ROLE ${name}
 WITH
-  ${is_super_user ? 'SUPERUSER' : 'NOSUPERUSER'}
-  ${has_create_db_privileges ? 'CREATEDB' : 'NOCREATEDB'}
-  ${has_replication_privileges ? 'REPLICATION' : 'NOREPLICATION'}
+  ${is_superuser ? 'SUPERUSER' : 'NOSUPERUSER'}
+  ${can_create_db ? 'CREATEDB' : 'NOCREATEDB'}
+  ${can_create_role ? 'CREATEROLE' : 'NOCREATEROLE'}
+  ${inherit_role ? 'INHERIT' : 'NOINHERIT'}
+  ${can_login ? 'LOGIN' : 'NOLOGIN'}
+  ${is_replication_role ? 'REPLICATION' : 'NOREPLICATION'}
   ${can_bypass_rls ? 'BYPASSRLS' : 'NOBYPASSRLS'}
-  CONNECTION LIMIT ${connections}
-  ${valid_until === undefined ? '' : `VALID UNTIL '${valid_until}'`}`
-    console.log(sql)
+  CONNECTION LIMIT ${connection_limit}
+  ${password === undefined ? '' : `PASSWORD '${password}'`}
+  ${valid_until === undefined ? '' : `VALID UNTIL '${valid_until}'`}
+  ${member_of === undefined ? '' : `IN ROLE ${member_of.join(',')}`}
+  ${members === undefined ? '' : `ROLE ${members.join(',')}`}
+  ${admins === undefined ? '' : `ADMIN ${admins.join(',')}`}`
     const { data } = await RunQuery(req.headers.pg, sql)
     return res.status(200).json(data)
   } catch (error) {

src/lib/interfaces.ts

@@ -1,16 +1,19 @@
 export namespace Roles {
   export interface Role {
     name: string
-    id: number
-    has_create_db_privileges: boolean
-    is_super_user: boolean
-    has_replication_privileges: boolean
+    is_superuser: boolean
+    can_create_db: boolean
+    can_create_role: boolean
+    inherit_role: boolean
+    can_login: boolean
+    is_replication_role: boolean
     can_bypass_rls: boolean
-    valid_until: string | null
-    user_config: string | null
-    connections: number
-    max_user_connections: number
-    max_db_connections: number
+    connection_limit: number
+    password: string
+    valid_until: string
+    config: string
+    oid: number
+
     grants: Grant[]
   }
 

src/lib/sql/roles.sql

@@ -1,34 +1,16 @@
 SELECT
-  usename AS name,
-  usesysid AS id,
-  usecreatedb AS has_create_db_privileges,
-  usesuper AS is_super_user,
-  userepl AS has_replication_privileges,
-  usebypassrls AS can_bypass_rls,
-  valuntil AS valid_until,
-  -- Password expiry time (only used for password authentication)
-  useconfig AS user_config,
-  -- Session defaults for run-time configuration variables
-  active_connections.connections,
-  pg_roles.rolconnlimit AS max_user_connections,
-  max_db_connections.max_connections :: int2 AS max_db_connections
+  rolname AS name,
+  rolsuper AS is_superuser,
+  rolcreatedb AS can_create_db,
+  rolcreaterole AS can_create_role,
+  rolinherit AS inherit_role,
+  rolcanlogin AS can_login,
+  rolreplication AS is_replication_role,
+  rolbypassrls AS can_bypass_rls,
+  rolconnlimit AS connection_limit,
+  rolpassword AS password,
+  rolvaliduntil AS valid_until,
+  rolconfig AS config,
+  oid
 FROM
-  pg_user AS users
-  INNER JOIN pg_roles ON users.usename = pg_roles.rolname
-  INNER JOIN LATERAL (
-    SELECT
-      count(*) AS connections
-    FROM
-      pg_stat_activity AS active_connections
-    WHERE
-      state = 'active'
-      AND users.usename = active_connections.usename
-  ) AS active_connections ON 1 = 1
-  INNER JOIN LATERAL (
-    SELECT
-      setting AS max_connections
-    FROM
-      pg_settings
-    WHERE
-      name = 'max_connections'
-  ) AS max_db_connections ON 1 = 1
+  pg_catalog.pg_roles

test/integration/index.spec.js

@@ -197,31 +197,31 @@ describe('/roles', () => {
   it('GET', async () => {
     const res = await axios.get(`${URL}/roles`)
     const datum = res.data.find((x) => x.name == 'postgres')
-    const hasSystemSchema = res.data[0].grants.some((x) => x.schema == 'information_schema')
-    const hasPublicSchema = res.data[0].grants.some((x) => x.schema == 'public')
+    const hasSystemSchema = datum.grants.some((x) => x.schema == 'information_schema')
+    const hasPublicSchema = datum.grants.some((x) => x.schema == 'public')
     assert.equal(res.status, STATUS.SUCCESS)
     assert.equal(true, !!datum)
     assert.equal(hasSystemSchema, false)
     assert.equal(hasPublicSchema, true)
   })
-  // it('POST', async () => {
-  //   await axios.post(`${URL}/roles`, {
-  //     name: 'test',
-  //     is_super_user: true,
-  //     has_create_db_privileges: true,
-  //     has_replication_privileges: true,
-  //     can_bypass_rls: true,
-  //     connections: 100,
-  //     valid_until: '2020-01-01',
-  //   })
-  //   const { data: roles } = await axios.get(`${URL}/roles`)
-  //   const test = roles.find((role) => role.name === 'test')
-  //   assert.equal(test.is_super_user, true)
-  //   assert.equal(test.has_create_db_privileges, true)
-  //   assert.equal(test.has_replication_privileges, true)
-  //   assert.equal(test.can_bypass_rls, true)
-  //   assert.equal(test.connections, 100)
-  //   assert.equal(test.valid_until, '2020-01-01')
-  //   await axios.post(`${URL}/roles`, { query: 'DROP ROLE test' })
-  // })
+  it('POST', async () => {
+    await axios.post(`${URL}/roles`, {
+      name: 'test',
+      is_superuser: true,
+      can_create_db: true,
+      is_replication_role: true,
+      can_bypass_rls: true,
+      connection_limit: 100,
+      valid_until: '2020-01-01T00:00:00.000Z',
+    })
+    const { data: roles } = await axios.get(`${URL}/roles`)
+    const test = roles.find((role) => role.name === 'test')
+    assert.equal(test.is_superuser, true)
+    assert.equal(test.can_create_db, true)
+    assert.equal(test.is_replication_role, true)
+    assert.equal(test.can_bypass_rls, true)
+    assert.equal(test.connection_limit, 100)
+    assert.equal(test.valid_until, '2020-01-01T00:00:00.000Z')
+    await axios.post(`${URL}/query`, { query: 'DROP ROLE test;' })
+  })
 })