qail-core 0.27.8

AST-native query builder - type-safe expressions, zero SQL strings
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258

//! Tenant Table Registry — tracks which tables require tenant-scope injection.
//!
//! Follows the same pattern as `RelationRegistry` for `join_on()`:
//! a global `RwLock<TenantRegistry>` loaded from `schema.qail` at startup.
//!
//! # Example
//! ```
//! use qail_core::rls::tenant::{register_tenant_table, lookup_tenant_column};
//!
//! register_tenant_table("orders", "tenant_id");
//! assert_eq!(lookup_tenant_column("orders"), Some("tenant_id".to_string()));
//! assert_eq!(lookup_tenant_column("migrations"), None);
//! ```

use std::collections::HashMap;
use std::sync::LazyLock;
use std::sync::RwLock;

/// Registry of tables that participate in tenant-scope isolation.
///
/// Each entry maps a table name to its tenant column (`tenant_id`).
#[derive(Debug, Default)]
pub struct TenantRegistry {
    tables: HashMap<String, String>,
}

impl TenantRegistry {
    /// Create an empty registry.
    pub fn new() -> Self {
        Self::default()
    }

    /// Register a table as tenant-scoped.
    ///
    /// # Arguments
    /// * `table` — table name (e.g., `"orders"`)
    /// * `column` — tenant column (e.g., `"tenant_id"`)
    pub fn register(&mut self, table: impl Into<String>, column: impl Into<String>) {
        self.tables.insert(table.into(), column.into());
    }

    /// Lookup the tenant column for a table.
    /// Returns `None` if the table is not tenant-scoped.
    pub fn get(&self, table: &str) -> Option<&str> {
        self.tables.get(table).map(|s| s.as_str())
    }

    /// Check if a table is tenant-scoped.
    pub fn is_tenant_table(&self, table: &str) -> bool {
        self.tables.contains_key(table)
    }

    /// Number of registered tenant tables.
    pub fn len(&self) -> usize {
        self.tables.len()
    }

    /// Returns true if no tables are registered.
    pub fn is_empty(&self) -> bool {
        self.tables.is_empty()
    }

    /// Get all registered tenant tables.
    pub fn tables(&self) -> impl Iterator<Item = (&str, &str)> {
        self.tables.iter().map(|(k, v)| (k.as_str(), v.as_str()))
    }

    /// Load tenant tables from a parsed build::Schema.
    ///
    /// Scans all tables for columns named `tenant_id`.
    pub fn from_build_schema(schema: &crate::build::Schema) -> Self {
        let mut registry = Self::new();

        for table in schema.tables.values() {
            if table.columns.contains_key("tenant_id") {
                registry.register(&table.name, "tenant_id");
            }
        }

        registry
    }
}

/// Global tenant registry, loaded at startup.
pub static TENANT_TABLES: LazyLock<RwLock<TenantRegistry>> =
    LazyLock::new(|| RwLock::new(TenantRegistry::new()));

/// Register a single table as tenant-scoped at runtime.
///
/// # Example
/// ```
/// use qail_core::rls::tenant::register_tenant_table;
/// register_tenant_table("orders", "tenant_id");
/// ```
pub fn register_tenant_table(table: &str, column: &str) {
    if let Ok(mut reg) = TENANT_TABLES.write() {
        reg.register(table, column);
    }
}

/// Lookup the tenant column for a table.
/// Returns `None` if not a tenant-scoped table.
///
/// # Example
/// ```
/// use qail_core::rls::tenant::{register_tenant_table, lookup_tenant_column};
/// register_tenant_table("orders", "tenant_id");
/// assert_eq!(lookup_tenant_column("orders"), Some("tenant_id".to_string()));
/// ```
pub fn lookup_tenant_column(table: &str) -> Option<String> {
    let registry = TENANT_TABLES.read().ok()?;
    registry.get(table).map(|s| s.to_string())
}

/// Load tenant tables from a schema.qail file.
/// Auto-detects tables with `tenant_id` columns.
/// Returns the number of tenant tables found.
pub fn load_tenant_tables(path: &str) -> Result<usize, String> {
    let schema = crate::build::Schema::parse_file(path)?;
    let mut registry = TENANT_TABLES
        .write()
        .map_err(|e| format!("Lock error: {}", e))?;

    let mut count = 0;
    for table in schema.tables.values() {
        if table.columns.contains_key("tenant_id") {
            registry.register(&table.name, "tenant_id");
            count += 1;
        }
    }

    Ok(count)
}

/// Bulk-register multiple tenant tables at once.
///
/// Useful for application startup when you know the tenant tables.
///
/// # Example
/// ```
/// use qail_core::rls::tenant::register_tenant_tables;
/// register_tenant_tables(&[
///     ("orders", "tenant_id"),
///     ("bookings", "tenant_id"),
///     ("users", "tenant_id"),
/// ]);
/// ```
pub fn register_tenant_tables(tables: &[(&str, &str)]) {
    if let Ok(mut reg) = TENANT_TABLES.write() {
        for (table, column) in tables {
            reg.register(*table, *column);
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::sync::{Mutex, OnceLock};

    fn registry_test_lock() -> std::sync::MutexGuard<'static, ()> {
        static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
        LOCK.get_or_init(|| Mutex::new(()))
            .lock()
            .expect("tenant registry test mutex poisoned")
    }

    fn clear_global_registry() {
        if let Ok(mut reg) = TENANT_TABLES.write() {
            *reg = TenantRegistry::new();
        }
    }

    #[test]
    fn test_registry_register_and_lookup() {
        let mut reg = TenantRegistry::new();
        reg.register("orders", "tenant_id");
        reg.register("bookings", "tenant_id");

        assert_eq!(reg.get("orders"), Some("tenant_id"));
        assert_eq!(reg.get("bookings"), Some("tenant_id"));
        assert_eq!(reg.get("migrations"), None);
    }

    #[test]
    fn test_registry_is_tenant_table() {
        let mut reg = TenantRegistry::new();
        reg.register("orders", "tenant_id");

        assert!(reg.is_tenant_table("orders"));
        assert!(!reg.is_tenant_table("users"));
    }

    #[test]
    fn test_registry_len() {
        let mut reg = TenantRegistry::new();
        assert!(reg.is_empty());

        reg.register("orders", "tenant_id");
        assert_eq!(reg.len(), 1);
        assert!(!reg.is_empty());
    }

    #[test]
    fn test_global_register_and_lookup() {
        let _lock = registry_test_lock();
        clear_global_registry();

        // Use unique table names to avoid test interference
        register_tenant_table("_test_t1", "tenant_id");
        assert_eq!(
            lookup_tenant_column("_test_t1"),
            Some("tenant_id".to_string())
        );
        assert_eq!(lookup_tenant_column("_test_nonexistent"), None);

        // Clean up
        clear_global_registry();
    }

    #[test]
    fn test_bulk_register() {
        let _lock = registry_test_lock();
        clear_global_registry();

        register_tenant_tables(&[("_test_bulk_a", "tenant_id"), ("_test_bulk_b", "tenant_id")]);

        assert_eq!(
            lookup_tenant_column("_test_bulk_a"),
            Some("tenant_id".to_string())
        );
        assert_eq!(
            lookup_tenant_column("_test_bulk_b"),
            Some("tenant_id".to_string())
        );

        // Clean up
        clear_global_registry();
    }

    #[test]
    fn test_from_build_schema_prefers_tenant_id() {
        let schema = crate::build::Schema::parse(
            r#"
table orders {
  id UUID
  tenant_id UUID
}

"#,
        )
        .expect("schema should parse");

        let reg = TenantRegistry::from_build_schema(&schema);
        assert_eq!(reg.get("orders"), Some("tenant_id"));
        assert_eq!(reg.get("legacy_bookings"), None);
    }
}