Make event tables inaccessible from views#4459
Make event tables inaccessible from views#4459joshua-spacetime wants to merge 1 commit intomasterfrom
Conversation
| var _ = ctx.Db.ViewAuditEvent; | ||
| ^^^^^^^^^^^^^^ | ||
| return null; | ||
| */ | ||
| Message: 'LocalReadOnly' does not contain a definition for 'ViewAuditEvent' and no accessible extension method 'ViewAuditEvent' accepting a first argument of type 'LocalReadOnly' could be found (are you missing a using directive or an assembly reference?), |
There was a problem hiding this comment.
No longer generating bindings for event tables.
| return ctx.From.ViewAuditEvent(); | ||
| ^^^^^^^^^^^^^^ | ||
| } | ||
| */ | ||
| Message: 'QueryBuilder' does not contain a definition for 'ViewAuditEvent' and no accessible extension method 'ViewAuditEvent' accepting a first argument of type 'QueryBuilder' could be found (are you missing a using directive or an assembly reference?), |
There was a problem hiding this comment.
The same is true for the query builder
| } | ||
|
|
||
| foreach (var accessor in TableAccessors) | ||
| foreach (var accessor in TableAccessors.Where(accessor => !accessor.IsEvent)) |
There was a problem hiding this comment.
Restricting Ctx.Db in C# (procedural views)
| var globalRowName = $"global::{FullName}"; | ||
|
|
||
| foreach (var accessor in TableAccessors) | ||
| foreach (var accessor in TableAccessors.Where(accessor => !accessor.IsEvent)) |
There was a problem hiding this comment.
Restricting Ctx.From in C# (query builder views)
| let trait_def_view = quote_spanned! {table_ident.span()=> | ||
| #[allow(non_camel_case_types, dead_code)] | ||
| #vis trait #view_trait_ident { | ||
| let trait_def_view = if args.event.is_none() { |
There was a problem hiding this comment.
Restricting ctx.db in rust (procedural views)
| #vis trait #query_trait_ident { | ||
| fn #table_ident(&self) -> spacetimedb::query_builder::Table<#original_struct_ident> { | ||
| spacetimedb::query_builder::Table::new(stringify!(#table_ident)) | ||
| let table_query_handle_def = if args.event.is_none() { |
There was a problem hiding this comment.
Restricting ctx.from in rust (query builder views)
| } | ||
|
|
||
| get #viewSchema() { | ||
| return (this.#viewSchema_ ??= withoutEventTables(this.#schema.schemaType)); |
There was a problem hiding this comment.
Restrict ctx.db and ctx.from in typescript
joshua-spacetime
requested review from
Shubham8287,
coolreader18 and
rekhoff
| return (this.#viewSchema_ ??= withoutEventTables(this.#schema.schemaType)); | ||
| } | ||
|
|
||
| get #viewDbView() { |
There was a problem hiding this comment.
I don't think this is necessary, because with just the typing alone the users won't be able to access the event tables (and if they bypass it, it'll error).
There was a problem hiding this comment.
and if they bypass it, it'll error
Will it? Without these hooks, view contexts get access to the full schema at runtime, so it may not error if you bypass the type system, right?
joshua-spacetime
force-pushed
the
joshua/fix/event-table-views
branch
from
442a4ec to
0a492c7
Compare
rekhoff
left a comment
rekhoff
left a comment
There was a problem hiding this comment.
After reviewing the C# changes, these look solid. I am approving the C# portion of the changes.
3 participants
Description of Changes
According to the docs, event tables should not be accessible from views, but in fact they are. This patch stops generating view bindings for event tables across rust, c#, and typescript.
API and ABI breaking changes
Technically a breaking change, but they were never supposed to be there in the first place and would not work correctly regardless.
Expected complexity level and risk
2
Testing
Added negative compile tests for trying to access event tables from within a view.