chore: sync metaschema-schema from constructive-db

packages/metaschema-modules/__tests__/__snapshots__/modules.test.ts.snap

@@ -150,13 +150,13 @@ exports[`db_meta_modules should verify field_module table structure 1`] = `
 
 exports[`db_meta_modules should verify module table structures have database_id foreign keys 1`] = `
 {
-  "constraintCount": 72600,
+  "constraintCount": 67416,
 }
 `;
 
 exports[`db_meta_modules should verify module tables have proper foreign key relationships 1`] = `
 {
-  "constraintCount": 102535,
+  "constraintCount": 96840,
   "foreignTables": [
     "apis",
     "database",
@@ -167,6 +167,79 @@ exports[`db_meta_modules should verify module tables have proper foreign key rel
 }
 `;
 
+exports[`db_meta_modules should verify sessions_module table structure 1`] = `
+{
+  "columns": [
+    {
+      "column_default": "uuid_generate_v4()",
+      "column_name": "id",
+      "data_type": "uuid",
+      "is_nullable": "NO",
+    },
+    {
+      "column_default": null,
+      "column_name": "database_id",
+      "data_type": "uuid",
+      "is_nullable": "NO",
+    },
+    {
+      "column_default": "uuid_nil()",
+      "column_name": "schema_id",
+      "data_type": "uuid",
+      "is_nullable": "NO",
+    },
+    {
+      "column_default": "uuid_nil()",
+      "column_name": "sessions_table_id",
+      "data_type": "uuid",
+      "is_nullable": "NO",
+    },
+    {
+      "column_default": "uuid_nil()",
+      "column_name": "session_credentials_table_id",
+      "data_type": "uuid",
+      "is_nullable": "NO",
+    },
+    {
+      "column_default": "uuid_nil()",
+      "column_name": "auth_settings_table_id",
+      "data_type": "uuid",
+      "is_nullable": "NO",
+    },
+    {
+      "column_default": "uuid_nil()",
+      "column_name": "users_table_id",
+      "data_type": "uuid",
+      "is_nullable": "NO",
+    },
+    {
+      "column_default": "'30 days'::interval",
+      "column_name": "sessions_default_expiration",
+      "data_type": "interval",
+      "is_nullable": "NO",
+    },
+    {
+      "column_default": "'sessions'::text",
+      "column_name": "sessions_table",
+      "data_type": "text",
+      "is_nullable": "NO",
+    },
+    {
+      "column_default": "'session_credentials'::text",
+      "column_name": "session_credentials_table",
+      "data_type": "text",
+      "is_nullable": "NO",
+    },
+    {
+      "column_default": "'app_auth_settings'::text",
+      "column_name": "auth_settings_table",
+      "data_type": "text",
+      "is_nullable": "NO",
+    },
+  ],
+}
+`;
+
 exports[`db_meta_modules should verify specific module table column defaults 1`] = `
 {
   "sessionsDefaults": [
@@ -350,79 +423,6 @@ exports[`db_meta_modules should verify table_template_module table structure 1`]
 }
 `;
 
-exports[`db_meta_modules should verify sessions_module table structure 1`] = `
-{
-  "columns": [
-    {
-      "column_default": "uuid_generate_v4()",
-      "column_name": "id",
-      "data_type": "uuid",
-      "is_nullable": "NO",
-    },
-    {
-      "column_default": null,
-      "column_name": "database_id",
-      "data_type": "uuid",
-      "is_nullable": "NO",
-    },
-    {
-      "column_default": "uuid_nil()",
-      "column_name": "schema_id",
-      "data_type": "uuid",
-      "is_nullable": "NO",
-    },
-    {
-      "column_default": "uuid_nil()",
-      "column_name": "sessions_table_id",
-      "data_type": "uuid",
-      "is_nullable": "NO",
-    },
-    {
-      "column_default": "uuid_nil()",
-      "column_name": "session_credentials_table_id",
-      "data_type": "uuid",
-      "is_nullable": "NO",
-    },
-    {
-      "column_default": "uuid_nil()",
-      "column_name": "auth_settings_table_id",
-      "data_type": "uuid",
-      "is_nullable": "NO",
-    },
-    {
-      "column_default": "uuid_nil()",
-      "column_name": "users_table_id",
-      "data_type": "uuid",
-      "is_nullable": "NO",
-    },
-    {
-      "column_default": "'30 days'::interval",
-      "column_name": "sessions_default_expiration",
-      "data_type": "interval",
-      "is_nullable": "NO",
-    },
-    {
-      "column_default": "'sessions'::text",
-      "column_name": "sessions_table",
-      "data_type": "text",
-      "is_nullable": "NO",
-    },
-    {
-      "column_default": "'session_credentials'::text",
-      "column_name": "session_credentials_table",
-      "data_type": "text",
-      "is_nullable": "NO",
-    },
-    {
-      "column_default": "'app_auth_settings'::text",
-      "column_name": "auth_settings_table",
-      "data_type": "text",
-      "is_nullable": "NO",
-    },
-  ],
-}
-`;
-
 exports[`db_meta_modules should verify users_module table structure 1`] = `
 {
   "columns": [

packages/metaschema-schema/deploy/schemas/metaschema_public/tables/database/table.sql

@@ -8,23 +8,17 @@ CREATE TABLE metaschema_public.database (
   id uuid PRIMARY KEY DEFAULT uuid_generate_v4 (),
   owner_id uuid,
   schema_hash text,
-  schema_name text,
-  private_schema_name text,
 
   name text,
   label text,
 
   hash uuid,
-  unique(schema_hash),
-  unique(schema_name),
-  unique(private_schema_name)
+  unique(schema_hash)
 );
 
 ALTER TABLE metaschema_public.database
   ADD CONSTRAINT db_namechk CHECK (char_length(name) > 2);
 
 COMMENT ON COLUMN metaschema_public.database.schema_hash IS '@omit';
--- COMMENT ON COLUMN metaschema_public.database.schema_name IS '@omit';
--- COMMENT ON COLUMN metaschema_public.database.private_schema_name IS '@omit';
 
 COMMIT;

packages/metaschema-schema/deploy/schemas/metaschema_public/tables/default_privilege/table.sql

@@ -0,0 +1,39 @@
+-- Deploy schemas/metaschema_public/tables/default_privilege/table to pg
+
+-- requires: schemas/metaschema_public/schema
+-- requires: schemas/metaschema_public/tables/schema/table
+-- requires: schemas/metaschema_public/tables/database/table
+
+BEGIN;
+
+CREATE TABLE metaschema_public.default_privilege (
+  id uuid PRIMARY KEY DEFAULT uuid_generate_v4 (),
+  database_id uuid NOT NULL DEFAULT uuid_nil(),
+
+  schema_id uuid NOT NULL,
+
+  -- 'tables', 'functions', 'sequences'
+  object_type text NOT NULL,
+
+  -- 'ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'USAGE', 'EXECUTE', etc.
+  privilege text NOT NULL,
+
+  -- role receiving the privilege (e.g. 'authenticated', 'administrator', 'anonymous')
+  grantee_name text NOT NULL,
+
+  -- true = GRANT, false = REVOKE
+  is_grant boolean NOT NULL DEFAULT true,
+
+  CONSTRAINT db_fkey FOREIGN KEY (database_id) REFERENCES metaschema_public.database (id) ON DELETE CASCADE,
+  CONSTRAINT schema_fkey FOREIGN KEY (schema_id) REFERENCES metaschema_public.schema (id) ON DELETE CASCADE,
+
+  UNIQUE (schema_id, object_type, privilege, grantee_name, is_grant)
+);
+
+COMMENT ON CONSTRAINT schema_fkey ON metaschema_public.default_privilege IS E'@omit manyToMany';
+COMMENT ON CONSTRAINT db_fkey ON metaschema_public.default_privilege IS E'@omit manyToMany';
+
+CREATE INDEX default_privilege_schema_id_idx ON metaschema_public.default_privilege ( schema_id );
+CREATE INDEX default_privilege_database_id_idx ON metaschema_public.default_privilege ( database_id );
+
+COMMIT;

packages/metaschema-schema/deploy/schemas/metaschema_public/tables/field/table.sql

@@ -3,10 +3,25 @@
 
 -- requires: schemas/metaschema_public/schema
 -- requires: schemas/metaschema_public/tables/table/table
--- requires: schemas/metaschema_public/types/object_category
 
 BEGIN;
 
+-- TODO should we just query this table and make a view?
+-- https://www.postgresql.org/docs/9.2/catalog-pg-attribute.html
+
+-- IF YOU WANT TO REMOVE THIS TABLE, answer the qustion, how would you add RLS to this:
+--  SELECT 
+--       attrelid::text AS tbl
+--       , attname::text            AS col
+--       , p.attnum::int as id,
+--       t.typname as typename
+
+--   FROM   pg_catalog.pg_attribute p
+--   INNER JOIN  pg_catalog.pg_type t ON (t.oid = p.atttypid)
+--   WHERE  attrelid = 'dude_schema.products'::regclass
+--   AND    p.attnum > 0
+--   AND    NOT attisdropped;
+
 CREATE TABLE metaschema_public.field (
   id uuid PRIMARY KEY DEFAULT uuid_generate_v4 (),
   database_id uuid NOT NULL DEFAULT uuid_nil(),
@@ -41,11 +56,14 @@ CREATE TABLE metaschema_public.field (
 
   tags citext[] NOT NULL DEFAULT '{}',
 
+  -- Field categorization for system/module/app fields (mirrors table categorization)
+  -- category: 'core' for system fields (id, entity_id, actor_id), 'module' for module-generated fields, 'app' for user-defined fields
+  -- module: the module name that created this field (e.g., 'users', 'permissions', 'memberships')
+  -- scope: membership_type int (1=app, 2=org, 3=group, NULL=not scoped)
   category metaschema_public.object_category NOT NULL DEFAULT 'app',
   module text NULL,
   scope int NULL,
 
-  --
   CONSTRAINT db_fkey FOREIGN KEY (database_id) REFERENCES metaschema_public.database (id) ON DELETE CASCADE,
   CONSTRAINT table_fkey FOREIGN KEY (table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE,
 

packages/metaschema-schema/deploy/schemas/metaschema_public/tables/foreign_key_constraint/table.sql

@@ -19,7 +19,7 @@ CREATE TABLE metaschema_public.foreign_key_constraint (
     field_ids uuid[] NOT NULL,
     ref_table_id uuid NOT NULL REFERENCES metaschema_public.table (id) ON DELETE CASCADE,
     ref_field_ids uuid[] NOT NULL,
-    delete_action char(1) DEFAULT 'c',
+    delete_action char(1) DEFAULT 'c', -- postgres default is 'a'
     update_action char(1) DEFAULT 'a',
 
     category metaschema_public.object_category NOT NULL DEFAULT 'app',

packages/metaschema-schema/deploy/schemas/metaschema_public/tables/index/table.sql

@@ -33,6 +33,7 @@ CREATE TABLE metaschema_public.index (
   CONSTRAINT db_fkey FOREIGN KEY (database_id) REFERENCES metaschema_public.database (id) ON DELETE CASCADE,
   CONSTRAINT table_fkey FOREIGN KEY (table_id) REFERENCES metaschema_public.table (id) ON DELETE CASCADE,
 
+  -- index names are UNIQUE across schemas, so for portability we will check against database_id
   UNIQUE (database_id, name)
 );
 

packages/metaschema-schema/deploy/schemas/metaschema_public/tables/policy/table.sql

@@ -12,9 +12,13 @@ CREATE TABLE metaschema_public.policy (
 
   table_id uuid NOT NULL,
   name text,
-  role_name text,
+  grantee_name text,
   privilege text,
 
+  -- using_expression text,
+  -- check_expression text,
+  -- policy_text text,
+
   permissive boolean default true,
   disabled boolean default false,