Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Include reasoning logic when restricting db #767

Merged
merged 9 commits into from
Jun 6, 2024
47 changes: 33 additions & 14 deletions src/clj/fluree/db/api/query.cljc
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
(ns fluree.db.api.query
"Primary API ns for any user-invoked actions. Wrapped by language & use specific APIS
that are directly exposed"
(:require [clojure.string :as str]
(:require [clojure.core.async :as async]
[clojure.string :as str]
[fluree.json-ld :as json-ld]
[fluree.db.fuel :as fuel]
[fluree.db.ledger.json-ld :as jld-ledger]
[fluree.db.ledger :as ledger]
Expand All @@ -16,7 +18,9 @@
[fluree.db.util.context :as ctx-util]
[fluree.db.json-ld.policy :as perm]
[fluree.db.json-ld.credential :as cred]
[fluree.db.nameservice.core :as nameservice]))
[fluree.db.nameservice.core :as nameservice]
[fluree.db.reasoner :as reasoner]
[fluree.db.validation :as v]))

#?(:clj (set! *warn-on-reflection* true))

Expand All @@ -43,13 +47,23 @@
(defn restrict-db
[db t context opts]
(go-try
(let [db* (if-let [policy-identity (perm/parse-policy-identity opts context)]
(<? (perm/wrap-policy db policy-identity))
db)
db** (-> (if t
(<? (time-travel/as-of db* t))
db*))]
(assoc-in db** [:policy :cache] (atom {})))))
(let [policy-db (if-let [policy-identity (perm/parse-policy-identity opts context)]
(<? (perm/wrap-policy db policy-identity))
db)
time-travel-db (-> (if t
(<? (time-travel/as-of policy-db t))
policy-db))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Love these more descriptive var names!

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With the new policy PR, this has changed a little bit so the above wouldn't be compatible. Now you compose dbs, instead of a bunch of if conditions in the API. In this case if you wanted a db to be policy-wrapped, you'd call that API first explicitly. This no longer looks for this option in a regular query.

Also if a query is wrapped in a verifiable credential, there is a new explity query API for that... so this check won't be done always.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like that PR has failing checks, should I wait for it to be merged and then adjust this PR to work with it?

reasoned-db (let [{:keys [reasoners reasoner-rules reasoner-rules-db]} opts]
(if reasoners
;; Currently we only support one rule source, so we take the first db or first
;; reason graph that we find.
(<? (reasoner/reason time-travel-db
reasoners
(or (first reasoner-rules-db)
(first reasoner-rules))
opts))
time-travel-db))]
(assoc-in reasoned-db [:policy :cache] (atom {})))))

(defn track-query
[ds max-fuel query]
Expand Down Expand Up @@ -160,11 +174,16 @@
(go-try
(try*
(let [[alias explicit-t] (extract-query-string-t alias)
address (<? (nameservice/primary-address conn alias nil))
ledger (<? (jld-ledger/load conn address))
db (ledger/-db ledger)
t* (or explicit-t t)]
(<? (restrict-db db t* context opts)))
address (<? (nameservice/primary-address conn alias nil))
ledger (<? (jld-ledger/load conn address))
db (ledger/-db ledger)
t* (or explicit-t t)
rules-db (let [dbs-or-aliases (:reasoner-rules-db opts)]
(if (string? (first dbs-or-aliases))
[(ledger/-db (<? (jld-ledger/load conn (first dbs-or-aliases))))]
dbs-or-aliases))
opts* (assoc opts :reasoner-rules-db rules-db)]
(<? (restrict-db db t* context opts*)))
(catch* e
(throw (contextualize-ledger-400-error
(str "Error loading ledger " alias ": ")
Expand Down