cartodb-4.29/lib/carto/oauth_provider/scopes/schemas_scope.rb

module Carto
  module OauthProvider
    module Scopes
      class SchemasScope < DefaultScope
        CREATE_PERMISSIONS = ['create'].freeze

        PERMISSIONS = {
          c: CREATE_PERMISSIONS
        }.freeze

        DESCRIPTIONS = {
          c: "%<schema_name>s schema (create tables)"
        }.freeze

        attr_reader :schema

        def initialize(scope)
          _, permission, @schema = self.class.schema_permission(scope)
          super('database', permission, CATEGORY_SCHEMA, description(permission.to_sym))
          @grant_key = :schemas
          @permission = permission.to_sym
        end

        def name
          return "schemas:#{@permission}:#{@schema}" if @schema

          "schemas:#{@permission}"
        end

        def description(permission = @permission, schema = @schema)
          DESCRIPTIONS[permission] % { schema_name: schema }
        end

        def permission
          PERMISSIONS[@permission]
        end

        def add_to_api_key_grants(grants, user)
          ensure_includes_apis(grants, ['sql'])
          database_section = grant_section(grants)

          schema_section = {
            name: schema || user.database_schema,
            permissions: permission
          }

          database_section[@grant_key] = [] unless database_section.key?(@grant_key)
          database_section[@grant_key] << schema_section

          ensure_grant_section(grants, database_section)
        end

        def self.schema_permission(scope)
          scope.split(':')
        end

        def self.is_a?(scope)
          scope =~ /^schemas:(?:c)(:(?:[a-z0-9_]+$|[a-z0-9-]+))?/
        end

        def self.valid_scopes(scopes)
          scopes.select { |scope| SchemasScope.is_a?(scope) }
        end

        def self.valid_scopes_with_schema(scopes, user)
          schema_scopes = valid_scopes(scopes)

          return [] unless schema_scopes.any?

          allowed = user.db_service.all_schemas_granted_hashed

          valid_scopes = []
          schema_scopes.each do |s|
            scope = Scopes.build(s)
            schema = scope.schema || user.database_schema

            if !allowed[schema].nil? &&
               (scope.permission - allowed[schema]).empty?
              valid_scopes << s
            end
          end
          valid_scopes
        end
      end
    end
  end
end