Context for the operations on a postgres database. More...
#include <context.hpp>
Public Types | |
| using | connection_type = sqlgen::postgres::Connection |
| using | connection_pool_type = tenant_aware_pool< connection_type > |
Public Member Functions | |
| context (sqlgen::ConnectionPool< connection_type > connection_pool, sqlgen::postgres::Credentials credentials, utility::uuid::tenant_id tenant_id, std::string actor="", std::string service_account="") | |
| Constructs a tenant-only context. | |
| context (sqlgen::ConnectionPool< connection_type > connection_pool, sqlgen::postgres::Credentials credentials, utility::uuid::tenant_id tenant_id, boost::uuids::uuid party_id, std::vector< boost::uuids::uuid > visible_party_ids, std::string actor="", std::string service_account="") | |
| Constructs a tenant-and-party-aware context. | |
| connection_pool_type & | connection_pool () |
| Gets the tenant-aware connection pool. | |
| const sqlgen::postgres::Credentials & | credentials () const |
| Gets the credentials for this context. | |
| const utility::uuid::tenant_id & | tenant_id () const |
| Gets the tenant ID for this context. | |
| std::optional< boost::uuids::uuid > | party_id () const |
| Gets the party ID for this context, if set. | |
| const std::vector< boost::uuids::uuid > & | visible_party_ids () const |
| Gets the visible party IDs for this context. | |
| const std::string & | actor () const |
| Gets the current actor (end-user) for this context. | |
| const std::string & | service_account () const |
| Gets the service account for this context. | |
| const sqlgen::ConnectionPool< connection_type > & | underlying_pool () const |
| Gets the underlying raw connection pool. | |
| const std::vector< std::string > & | roles () const |
| Gets the permission codes carried in this context. | |
| context | with_roles (std::vector< std::string > roles) const |
| Returns a copy of this context with the given permission codes. | |
| context | with_tenant (utility::uuid::tenant_id tenant_id, std::string actor) const |
| Creates a new context with a different tenant ID (no party). | |
| context | with_party (utility::uuid::tenant_id tenant_id, boost::uuids::uuid party_id, std::vector< boost::uuids::uuid > visible_party_ids, std::string actor) const |
| Creates a new context with tenant and party isolation. | |
Detailed Description
Context for the operations on a postgres database.
The context wraps a tenant-aware connection pool that automatically sets the tenant context (and optionally party context) via PostgreSQL session variables whenever a connection is acquired. This ensures RLS policies work correctly with connection pooling.
Two actors are tracked separately:
- actor: the end-user who initiated the request (from JWT); used for modified_by on domain objects.
- service_account: the system service performing the write (e.g. "ores_refdata_service"); used for performed_by on domain objects. Set once at service startup and preserved across per-request contexts.
Member Function Documentation
◆ actor()
| const std::string & actor | ( | ) | const |
Gets the current actor (end-user) for this context.
This is the username extracted from the JWT of the inbound request. Used to stamp modified_by on domain objects.
◆ service_account()
| const std::string & service_account | ( | ) | const |
Gets the service account for this context.
This is the system service identity (e.g. "ores_refdata_service") set once at startup and preserved across per-request contexts. Used to stamp performed_by on domain objects.
◆ roles()
| const std::vector< std::string > & roles | ( | ) | const |
Gets the permission codes carried in this context.
Populated from the JWT at request time for service-to-service calls; empty for contexts that pre-date the RBAC enforcement layer.
◆ with_roles()
| context with_roles | ( | std::vector< std::string > | roles | ) | const |
Returns a copy of this context with the given permission codes.
Used by make_request_context to attach JWT permissions to the per-request database context.
◆ with_tenant()
| context with_tenant | ( | utility::uuid::tenant_id | tenant_id, |
| std::string | actor | ||
| ) | const |
Creates a new context with a different tenant ID (no party).
The service_account is preserved from the base context.
◆ with_party()
| context with_party | ( | utility::uuid::tenant_id | tenant_id, |
| boost::uuids::uuid | party_id, | ||
| std::vector< boost::uuids::uuid > | visible_party_ids, | ||
| std::string | actor | ||
| ) | const |
Creates a new context with tenant and party isolation.
The service_account is preserved from the base context.
