rspade_system/app/RSpade/SchemaQuality/Rules/SessionIdForeignKeyRule.php
root 29c657f7a7 Exclude tests directory from framework publish
Add 100+ automated unit tests from .expect file specifications
Add session system test
Add rsx:constants:regenerate command test
Add rsx:logrotate command test
Add rsx:clean command test
Add rsx:manifest:stats command test
Add model enum system test
Add model mass assignment prevention test
Add rsx:check command test
Add migrate:status command test

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-25 03:59:58 +00:00


<?php
namespace App\RSpade\SchemaQuality\Rules;
/**
 * Schema quality rule SCHEMA-FK-01: every `session_id` column must be nullable.
 *
 * The rule deliberately does NOT require a foreign key to the sessions table.
 * Session IDs are treated as ephemeral tracking identifiers, used for:
 *   - temporary file upload tracking (file_attachments)
 *   - short-term security validation
 *   - session-scoped data that does not need referential integrity
 *
 * Requiring an FK would block cleanup of old sessions (or force unwanted
 * cascade deletes), couple ephemeral data to persistent data, and contradict
 * the principle that sessions are temporary while data is permanent.
 *
 * NOTE(review): without an FK, rows can keep a session_id after the session
 * itself is gone. Code that relies on the column for security validation
 * should treat an id with no matching live session as a failed check —
 * confirm against the callers, which are not visible in this file.
 *
 * NOTE(review): the suggested fix types the column as VARCHAR(255), which
 * suggests a string identifier. If that value is the live session token
 * rather than a surrogate key, persistent tables hold credential-like data
 * for as long as the rows exist; confirm what is stored and how it is purged.
 */
class SessionIdForeignKeyRule extends Schema_Rule_Abstract
{
    /**
     * Stable identifier of this rule.
     */
    public function get_id(): string
    {
        return 'SCHEMA-FK-01';
    }

    /**
     * Short display name of this rule.
     */
    public function get_name(): string
    {
        return 'Session ID Foreign Key Rule';
    }

    /**
     * One-paragraph explanation of what the rule enforces and what it
     * intentionally leaves unenforced.
     */
    public function get_description(): string
    {
        return 'Ensures session_id columns are nullable. Foreign key constraints to sessions table are NOT enforced - session IDs are ephemeral tracking identifiers that should not have referential integrity constraints.';
    }

    /**
     * Walk every non-excluded table and record a violation for each
     * `session_id` column whose `nullable` flag is not the string 'YES'.
     *
     * @param array $schema Reads $schema['tables'], keyed by table name; each
     *                      entry's 'columns' list holds items with 'name' and
     *                      'nullable' keys. Other keys are not consulted here.
     */
    public function check(array $schema): void
    {
        foreach ($schema['tables'] as $table => $definition) {
            if ($this->is_excluded_table($table)) {
                continue;
            }

            foreach ($definition['columns'] as $col) {
                // Only session_id columns are in scope for this rule.
                if ($col['name'] !== 'session_id') {
                    continue;
                }

                // Nullable is the only property enforced; no FK check follows.
                if ($col['nullable'] === 'YES') {
                    continue;
                }

                // NOTE(review): the statement hard-codes VARCHAR(255). On
                // MySQL/MariaDB (presumably the target, given MODIFY) the
                // clause restates the whole column definition, so applying it
                // verbatim to a column of another type or length would change
                // that too. The table name is inserted unquoted, straight from
                // the schema array key. Whether this text is only displayed or
                // also executed is not visible from here.
                $suggested_fix = 'ALTER TABLE ' . $table . ' MODIFY session_id VARCHAR(255) NULL';

                $this->add_violation(
                    $table,
                    'session_id',
                    'Column session_id must be nullable (ephemeral tracking identifier)',
                    $suggested_fix
                );
            }
        }
    }
}