2025-09-14 16:19:44 -04:00
|
|
|
use std::collections::HashMap;
|
|
|
|
|
|
|
|
|
|
use axum::{
|
|
|
|
|
debug_handler,
|
|
|
|
|
extract::{Path, State},
|
|
|
|
|
response::Response,
|
|
|
|
|
};
|
|
|
|
|
// [`axum_extra`]'s form extractor is required to support repeated keys:
|
|
|
|
|
// https://docs.rs/axum-extra/0.10.1/axum_extra/extract/struct.Form.html#differences-from-axumextractform
|
|
|
|
|
use axum_extra::extract::Form;
|
2025-11-19 01:45:58 +00:00
|
|
|
use phono_backends::{escape_identifier, pg_acl::PgPrivilegeType, pg_class::PgClass};
|
|
|
|
|
use phono_models::{
|
2025-11-19 01:31:09 +00:00
|
|
|
accessors::{Accessor as _, Actor, portal::PortalAccessor},
|
|
|
|
|
datum::Datum,
|
|
|
|
|
};
|
2025-09-14 16:19:44 -04:00
|
|
|
use serde::Deserialize;
|
|
|
|
|
use sqlx::{postgres::types::Oid, query};
|
|
|
|
|
use uuid::Uuid;
|
|
|
|
|
|
|
|
|
|
use crate::{
|
2025-09-23 13:08:51 -07:00
|
|
|
app::{App, AppDbConn},
|
|
|
|
|
errors::{AppError, forbidden},
|
2025-10-01 22:36:19 -07:00
|
|
|
navigator::{Navigator, NavigatorPage as _},
|
2025-09-14 16:19:44 -04:00
|
|
|
user::CurrentUser,
|
2025-09-23 13:08:51 -07:00
|
|
|
workspace_pooler::{RoleAssignment, WorkspacePooler},
|
2025-09-14 16:19:44 -04:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#[derive(Debug, Deserialize)]
|
|
|
|
|
pub(super) struct PathParams {
|
|
|
|
|
portal_id: Uuid,
|
|
|
|
|
rel_oid: u32,
|
|
|
|
|
workspace_id: Uuid,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// HTTP POST handler for inserting one or more rows into a table. This handler
|
|
|
|
|
/// takes a form where the keys are column names, with keys optionally repeated
|
|
|
|
|
/// to insert multiple rows at once. If any key is repeated, the others should
|
|
|
|
|
/// be repeated the same number of times. Form values are expected to be JSON-
|
2025-09-23 13:08:51 -07:00
|
|
|
/// serialized representations of the `[Datum]` type.
|
2025-09-14 16:19:44 -04:00
|
|
|
#[debug_handler(state = App)]
|
|
|
|
|
pub(super) async fn post(
|
|
|
|
|
State(mut workspace_pooler): State<WorkspacePooler>,
|
|
|
|
|
AppDbConn(mut app_db): AppDbConn,
|
|
|
|
|
CurrentUser(user): CurrentUser,
|
|
|
|
|
navigator: Navigator,
|
|
|
|
|
Path(PathParams {
|
|
|
|
|
portal_id,
|
|
|
|
|
rel_oid,
|
|
|
|
|
workspace_id,
|
|
|
|
|
}): Path<PathParams>,
|
|
|
|
|
Form(form): Form<HashMap<String, Vec<String>>>,
|
|
|
|
|
) -> Result<Response, AppError> {
|
2025-10-01 22:36:19 -07:00
|
|
|
// FIXME CSRF
|
2025-09-14 16:19:44 -04:00
|
|
|
|
|
|
|
|
let mut workspace_client = workspace_pooler
|
2025-11-19 01:31:09 +00:00
|
|
|
.acquire_for(workspace_id, RoleAssignment::User(user.id))
|
2025-09-14 16:19:44 -04:00
|
|
|
.await?;
|
|
|
|
|
|
|
|
|
|
let rel = PgClass::with_oid(Oid(rel_oid))
|
|
|
|
|
.fetch_one(&mut workspace_client)
|
|
|
|
|
.await?;
|
|
|
|
|
|
2025-11-19 01:31:09 +00:00
|
|
|
// For authorization only.
|
|
|
|
|
let _portal = PortalAccessor::new()
|
|
|
|
|
.id(portal_id)
|
|
|
|
|
.as_actor(Actor::User(user.id))
|
|
|
|
|
.verify_workspace_id(workspace_id)
|
|
|
|
|
.verify_rel_oid(Oid(rel_oid))
|
|
|
|
|
.verify_rel_permissions([PgPrivilegeType::Insert])
|
|
|
|
|
.using_rel(&rel)
|
|
|
|
|
.using_app_db(&mut app_db)
|
|
|
|
|
.using_workspace_client(&mut workspace_client)
|
|
|
|
|
.fetch_one()
|
|
|
|
|
.await?;
|
|
|
|
|
|
2025-09-14 16:19:44 -04:00
|
|
|
let col_names: Vec<String> = form.keys().cloned().collect();
|
2025-10-01 22:36:19 -07:00
|
|
|
|
|
|
|
|
// Prevent users from modifying Phonograph metadata columns.
|
2025-10-07 06:23:50 +00:00
|
|
|
if form.iter().any(|(col, values)| {
|
|
|
|
|
col.starts_with('_')
|
|
|
|
|
&& values.iter().any(|value| {
|
|
|
|
|
serde_json::from_str::<Datum>(value)
|
|
|
|
|
.ok()
|
|
|
|
|
.map(|value| !value.is_none())
|
|
|
|
|
.unwrap_or(false)
|
|
|
|
|
})
|
|
|
|
|
}) {
|
2025-10-01 22:36:19 -07:00
|
|
|
return Err(forbidden!("access denied to update system metadata column"));
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-14 16:19:44 -04:00
|
|
|
let col_list_sql = col_names
|
|
|
|
|
.iter()
|
|
|
|
|
.map(|value| escape_identifier(value))
|
|
|
|
|
.collect::<Vec<String>>()
|
|
|
|
|
.join(", ");
|
|
|
|
|
|
|
|
|
|
let n_rows = form.values().map(|value| value.len()).max().unwrap_or(0);
|
|
|
|
|
if n_rows > 0 {
|
|
|
|
|
let mut param_index = 1;
|
2025-09-23 13:08:51 -07:00
|
|
|
let mut params: Vec<Datum> = vec![];
|
2025-09-14 16:19:44 -04:00
|
|
|
let mut row_list: Vec<String> = vec![];
|
|
|
|
|
for i in 0..n_rows {
|
|
|
|
|
let mut param_slots: Vec<String> = vec![];
|
|
|
|
|
for col in col_names.iter() {
|
2025-09-23 13:08:51 -07:00
|
|
|
let maybe_value: Option<Datum> = form
|
2025-09-14 16:19:44 -04:00
|
|
|
.get(col)
|
|
|
|
|
.and_then(|col_values| col_values.get(i))
|
|
|
|
|
.map(|value_raw| serde_json::from_str(value_raw))
|
|
|
|
|
.transpose()?;
|
|
|
|
|
if let Some(value) = maybe_value.filter(|value| !value.is_none()) {
|
|
|
|
|
params.push(value);
|
|
|
|
|
param_slots.push(format!("${param_index}"));
|
|
|
|
|
param_index += 1;
|
|
|
|
|
} else {
|
|
|
|
|
param_slots.push("default".to_owned());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
row_list.push(format!("({0})", param_slots.join(", ")));
|
|
|
|
|
}
|
|
|
|
|
let row_list_sql = row_list.join(",\n");
|
|
|
|
|
|
|
|
|
|
let query_sql = &format!(
|
|
|
|
|
"insert into {ident} ({col_list_sql}) values {row_list_sql}",
|
|
|
|
|
ident = rel.get_identifier(),
|
|
|
|
|
);
|
|
|
|
|
let mut q = query(query_sql);
|
|
|
|
|
for param in params {
|
|
|
|
|
q = param.bind_onto(q);
|
|
|
|
|
}
|
|
|
|
|
q.execute(workspace_client.get_conn()).await?;
|
|
|
|
|
}
|
|
|
|
|
|
2025-10-01 22:36:19 -07:00
|
|
|
Ok(navigator
|
|
|
|
|
.portal_page()
|
|
|
|
|
.workspace_id(workspace_id)
|
|
|
|
|
.rel_oid(Oid(rel_oid))
|
|
|
|
|
.portal_id(portal_id)
|
|
|
|
|
.build()?
|
|
|
|
|
.redirect_to())
|
2025-09-14 16:19:44 -04:00
|
|
|
}
|
