Merge pull request #10 from DanCardin/dc/define-more-grants

DanCardin · Dec 6, 2022 · c329b9e · c329b9e
2 parents b9f1cc9 + d4be892
commit c329b9e
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 4 deletions.
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "sqlalchemy-declarative-extensions"
-version = "0.3.0"
+version = "0.3.1"
 description = "Library to declare additional kinds of objects not natively supported by SqlAlchemy/Alembic."
 
 authors = ["Dan Cardin <ddcardin@gmail.com>"]

diff --git a/src/sqlalchemy_declarative_extensions/grant/compare.py b/src/sqlalchemy_declarative_extensions/grant/compare.py
@@ -100,7 +100,12 @@ def compare_object_grants(
 ):
     result: list[Operation] = []
 
-    expected_grants = [g for g in grants if isinstance(g, GrantStatement)]
+    expected_grants = [
+        sub_g
+        for grant in grants
+        for sub_g in grant.explode()
+        if isinstance(sub_g, GrantStatement)
+    ]
 
     existing_tables = get_objects(connection)
     existing_tables_by_schema = {

diff --git a/tests/grant/test_grant_schema.py b/tests/grant/test_grant_schema.py
@@ -21,12 +21,13 @@
 class Base(Base_):
     __abstract__ = True
 
-    schemas = Schemas().are("bar")
+    schemas = Schemas().are("bar", "baz")
     roles = Roles(ignore_unspecified=True).are("access", "noaccess")
     grants = Grants().are(
         DefaultGrant.on_tables_in_schema("bar").grant("select", to="access"),
+        DefaultGrant.on_tables_in_schema("baz").grant("select", to="access"),
         DefaultGrant.on_tables_in_schema("bar").grant("select", to="noaccess"),
-        Grant.new("usage", to="access").on_schemas("bar"),
+        Grant.new("usage", to="access").on_schemas("bar", "baz"),
     )
 
 
@@ -37,6 +38,13 @@ class Bar(Base):
     id = Column(types.Integer(), autoincrement=True, primary_key=True)
 
 
+class Baz(Base):
+    __tablename__ = "baz"
+    __table_args__ = {"schema": "baz"}
+
+    id = Column(types.Integer(), autoincrement=True, primary_key=True)
+
+
 pg = create_postgres_fixture(scope="function", engine_kwargs={"echo": True})
 
 
@@ -61,3 +69,6 @@ def test_createall_grant(pg):
     # There should be no diffs detected after running `create_all`
     diff = compare_grants(pg, grants, roles)
     assert len(diff) == 0
+
+    # Ensure we're exploding common grants.
+    pg.execute(text("SET ROLE access; SELECT * from baz.baz"))