Significantly expand the auditing capability to show both the export
and access to data.
Before, the concepts were too closely linked.
Now, both the JSON and non-JSON output are careful to note which
data is simply accessable, and which may be exported as well (and
via which paths through the code).
Also fix code output by non-role-based systems.
noexport empty statement, which was causing
assertions when invoked in certain situations.
Also start using ksql(3)'s stored
statement functionality, which improves security.
Add partial support for roles within ksql(3) as well, but leave them
unimplemented for the time being.
allowing limits, offsets, and orderings to come after an empty
noexport in a structure's roles to accept an
empty name, which indicates that no fields should be exported.
Reduction of nearly 40% from the file size of the last version!
This is a savings in code size along—the bulk of the files
are often comments.
Support auto-numbering of enumerations.
The scheme is to start at the maximum assigned number plus one or
zero, whichever is greater, and assign incrementally in order of
date pseudo-type that aliases
epoch but uses the date validation input.
LIMIT set goes after
kwebapp-sql(1), and kwebapp-sqldiff(1).
The historical calling conventions of using kwebapp(1) with output flags is no
This tool allows configurations to be audited for role permissions.
It effectively takes a configuration and determines all possible
access (data access, modify, etc.) available to a given role and
produces a report.
Reports can be on the command-line or JSON.
A sample implementation of the JSON file is installed.
comment strings to be associated with roles.
The audit functionality is part of a project generously funded by
CAPEM Solutions, Inc.
delete to operate
See kwebapp(5) for syntax.
Also add transaction call-through functions to the generated C API.
This is necessary in role-based mode since the underlying
ksql API is shielded.
These are documented in kwebapp(1).
Fix a crash when having
limit statements with
Lift the restriction on alias counts (total number of inner joins)
from 26 to 17576.
This can easily be expanded further: the limitation is purely for
distinct field to queries.
This field, in its basic form, enforced the SQL
However, it can also be used for nested fields in a structure,
effectively only returning distinct rows of nested structures.
The canonical example is returning only distinct album fields that
struct foreign key references of a track table.
All of this is documented in kwebapp(5).
Bug-fixes in created C code to account for line-breaking long SQL
(This is an in-progress effort.)
Also add the
unset jslabel statement for bit-fields.
to provide a value if the field exists but has not been set with any
(This is yet to be documented for kwebapp(1) as the feature is still
Lots of new features!
order statement for ordering
It can also act as a way to define single results over non-unique
fields by combining the
search statement with
Allow for limit offsets by extending the
Lastly, introduce the
bit bit index type and the
bits top-level type for working with bit-fields.
All of these are documented in kwebapp(5).
(These will otherwise collide in the C namespace.)
Improve the documentation (function arguments) in the produced C
enum values—this is described
or logical (bit-wise)
operations for search constraints.
Finally allow comments!
These begin at any time with the hash mark and continue to the end
(My motivation was modelines for vim.)
Lastly, and the biggest, allow for having
null foreign keys.
This requires the system to perform extra
statements when the keys aren't
null (which is noted in
the generated API comments on a per-function basis), but overall
it's very useful.
like operator type.
This allows for primitive text searching.
(This will become more advanced in time.)
accept an array of functions for structure-field or structure in
bit type to work with kcgi's new bit
Lastly, add feature that allows an update
statement translate into updating all fields.
Repair the jsdoc by actually
Also add custom callback handling for individual structure/fields.
insert statement within a structure to
generate insertion functions.
Disambiguate the configuration grammar with respect to structure
struct types could specify the linkage from
another field to a foreign key.
Now, the linkage must be specified within the other field itself.
This clears up the situation where a structure and the referring
field had different types.
It also allows all foreign key information (e.g.,
delete modifiers) to exist unambiguously on the
referring field itself.
actdel modifiers on a
foreign key reference.
actdel cascade specifies
Properly wrap comments (at word boundaries) at 70 columns.
Introduce RBAC functionality: the
object defining the roles themselves such that each structure
insert) can be wrapped in a
roles statement limiting access.
When the top-level
roles is defined (even if empty),
ksql database handle is hidden from the API, and
instead an opaque
kwbp is used.
This allows for full role-based access to the database.
Read the kwebapp(5) for more
Also clarified some warnings and errors generated during the link phase.
CFLAGS during configuration and use -Wextra during compilation.
First, clarify how the root DOM element is handled as to whether it can have classes to be filled in.
Second, add a
fillInner() function to handle cases where the root shouldn't be filled in.
Finally, add a
fillArray that fills from an array of objects.
This removes the first element, clears the root element, then clones, fills in, and appends the first element
for all objects.
fillInner() functionality comes in handy to protect nested objects from clobbering each other.
Fix a bug that crept into the last release where iterate/list terms with an empty constraint set resulted in a
WHERE in the generated SQL.
Allow iteration and listing to accept no terms; i.e., they produce all rows for that structure.
split process model to be used when
-Fsplitproc is specified.
sqldiff mode support for enumerations.
This makes sure that enumeration objects are consistent (non-destructive) across configurations.
Add enumerations (
enum) as top-level objects.
This allows the C API to represent integers as sets of constants and makes validation more precise.
eq operator for validation.
(Probably not used for numeric, but useful for strings in some circumstances.)
This is just a string type with special validation.
Add the ability for
update fields to accept a modifier.
This translates into the SQL equivalent to
update foo set x = x + ?.
Right now, only the
dec modifiers are supported, but it's easy to add in new ones.
One-liner so that
unique fields can be foreign keys (but not
Also add the
epoch native type that uses the
time_t type for the C API.
For OpenBSD with 64-bit signed integral time, this is just an alias for
int except for the type
in the API.
Fix bug in recursive reference checker.
This now works properly and allows [properly] for self-referencing structures for native type references.
Add special function to JSON print iterate entries.
These work together with the iterate functions and accept their callback syntax.
Finally fix naming of anonymous query (search, list, iterate), update, and delete functions.
This now uses the basic syntax of
xx is the structure,
is the field, and
op is the operation.
op field disambiguates fields.
(The operation also makes the earlier double-underscore unneeded.)
Also add functions to print JSON arrays if and only if a structure has list iterators specified.
Flag day: use the -O flag to specify output type (hence minor bump).
Also move -v and -j into -Fvalids and -Fjson as part of the new -F flag.
This cleans up a lot of options and leaves the door open for new output formats and configuration options.
Also handle the
foo-xxxx-value class, where
foo is the structure and
xxxx is the
field, for auto-population of form elements.
This completes the chain from HTML form input to filling in HTML DOM trees with CGI script output.
Handle empty insertions by using
DEFAULT VALUES on the insertion.
Accept inequality operators for search, update, and delete constraints.
Add limit clauses to make validation more meaningful.
(See the limit field clause in kwebapp(5).)
Now input values can be limited.
Add full validation sequence required by kcgi(3), specifically
With this in place, applications can push the given structure directly into the HTTP parser without needing to
create the array themselves.
Add field validation routines.
See the -v flag in kwebapp(1).
This uses the field type (and modifiers) to create
kcgi(3) validation routines.
Require a semicolon after
This is future-proofing for options following the
Also added a
noexport field option that disallows fields from being JSON-exported.
Handle empty (
null) values as specified in the configuration when exporting to JSON.
Also, properly handle blob values as base64-encoded strings.
Introduce -j, which also emits JSON output functions using kcgi(3)'s interface.
These complete the chain of exporting data from a database directly to client applications.
Have the singleton search function (e.g.,
search foo: name bar) use the operator
get in generated
Before, these would be (following the example)
This is more consistent with the other search functions.
Renamed the -h flag to -C.
(Source in lowercase, header in uppercase.)
Initial stable internals.
I'm still going to change the generated API function names before adding features, but the system is already in