Releases: mathesar-foundation/mathesar
Version 0.2.0 (beta release)
Summary
Version 0.2.0 is Mathesar’s first beta release and features a brand new access control system, massive performance improvements, and an important security fix.
Feedback
Please share feedback on the 0.2.0 GitHub discussion, via the project's Matrix chat, or by emailing hello@mathesar.org. Thank you!
Version 0.2.0-testing.1 (alpha release)
🧪 Mathesar 0.2.0-testing.1
Caution
Not a stable release
This is a testing build released with the goal of gathering feedback from our community. It has many known issues and is not recommended for production use.
Summary
Mathesar 0.2.0-testing.1 provides an early preview of improvements we plan to release in our beta version. We have a brand new access control system based entirely on PostgreSQL database permissions, and we've also made major improvements to the responsiveness of the Mathesar UI. We've also built out a new RPC API, and we're deprecating our REST API in favor of it.
This page provides a comprehensive list of all changes in the release.
Installing 0.2.0-testing.1
You will need to create a new installation of Mathesar to use this version, which you can do via Docker Compose or from source.
We do not support upgrading from previous versions to 0.2.0-testing.1.
Improvements
Access control based on PostgreSQL roles and privileges
We have a brand new access control system based entirely on PostgreSQL database roles and privileges. Mathesar users must now be assigned a database role, and any operations performed by the user through the Mathesar UI will connect to the database using that role.
This gives Mathesar several new capabilities. Database administrators can set up access control directly on the database and use those roles in Mathesar. Mathesar also supports setting up PostgreSQL roles and privileges via the UI, including granular access control at the individual table level.
This replaces our previous access control system (which was enforced at the API layer, and only supported permissions at the database and schema levels). It also eliminates the need for Mathesar to use a database superuser for day-to-day operations.
More detailed documentation can be found in our User Guide under Permissions and Users.
- Initial permissions remodel #3626
- Implement RPC method for listing roles in server #3663
- Initial
database_setupRPC methods #3665 - Cast OID values to bigint in msar.get_roles #3667
- RPC methods for servers, collaborators #3684
- RPC methods for configured roles #3685
- Remove existing permissions logic on the frontend #3689
- Homepage changes for database connections #3710
- Homepage UI #3711
- Implement
database_privileges.list_directRPC method. #3750 - Implement
database_privileges.get_owner_oid_and_curr_role_db_privRPC method #3760 - Database page role configuration, collaborators, roles #3762
- Implement
roles.addRPC endpoint #3769 - Add
database_privileges.replace_for_rolesRPC method. #3781 - Add
schema_privileges.replace_for_rolesRPC method #3786 - Move DB page contexts to the route level #3789
- Add privilege information fields #3795
- Database permissions modal - 'Share' tab #3810
- Implement
transfer_ownershipfor schemas and tables #3833 - Implement permissions modal for schemas and tables #3836, #3838
- Allow setting owner at creation #3840
- Implement
roles.delete,databases.drop&databases.configured.disconnectRPC methods #3858 - Implement 'Transfer ownership' tabs #3859
- Permission checks in all pages, disconnect database option #3861
- Bugfix
get_current_rolewhen only one role exists #3869 - Grant appropriate permissions for
msar,__msarandmathesar_typestoPUBLIC#3881 - Filter databases for admin and standard users #3895
- Fix logic in
get_current_role#3922 - Fix quoting for role grant/revoke expressions #3931
- Bugfix msar.set_members #3958
Performance improvements and RPC API
We've made major improvements to the responsiveness of the Mathesar UI. Loading data and data entry should be much more snappy, and importing data into Mathesar is around 50 times faster. We've also eliminated the need to manually sync database schema changes to Mathesar, any DDL changes will be reflected in the UI automatically.
To achieve these performance benefits, we needed to overhaul our backend architecture and API. We have built out a new RPC API and our frontend UI now primarily uses that API. The RPC API has some documentation here, but should not be considered stable yet.
Most of our REST API endpoints are now deprecated and will be removed soon. The /users/ and /data-files/ endpoints remain in use.
- Connections RPC front end #3543
- Exception handler tests #3547
- Fix SQL syntax highlighting in VS code for SQL tests #3588
- Remove dead front end API client code to GET one schema #3589
- Refactor list of RPC methods to test #3597
- Implement
tables.listrpc endpoint #3599 - Implement
tables.deleteRPC method #3608 - Implement
schemas.listRPC method #3598 - Implement
schemas.deleteRPC method #3610 - Implement
tables.getRPC method #3612 - Implement
tables.addRPC method #3614 - Col delete func #3586
- Add `...
