Add TemporalRepository<T> + ScopeGuardRepository<T> decorators

uwe.admin commented

2026-04-27 21:30:16 +02:00

Owner

Migrated from uwe.admin/webapp-scaffold#9 per the Option A decision. Builds on uwe.admin/oatpp-authkit#7.

Decorators land under oatpp-authkit/include/oatpp-authkit/repo/ next to the interfaces.

Builds on uwe.admin/oatpp-authkit#7. Adds the two cross-cutting decorators that wrap any Repository<T> to enforce temporal versioning and resource-scope authorization respectively.

Scope

`TemporalRepository<TDto>` (requires `TDto : ITemporalEntity`)

Wraps an inner Repository<TDto>
On save: closes the previous version (sets valid_until = now) and inserts a new row with valid_from = now, valid_until = '9999-12-31T23:59:59Z'
On findByEntityId(at: TemporalAt): filters by valid_from <= at < valid_until
Implements IHistoryRepository<TDto>: history(entityId) returns all versions ordered by valid_from

`ScopeGuardRepository<TDto>`

Wraps an inner Repository<TDto>
Generic — does not know about "property" specifically. Takes a guard predicate as a constructor parameter:
```
std::function<bool(const ActorContext&, const TDto&)> isAllowed;
```
On every method, evaluates the predicate against the resolved DTO; throws / denies on false.
The fewo-webapp-specific "property-scope" guard is wired up in fewo-webapp, not in oatpp-authkit.

Out of scope

Wiring decorators into any concrete repo (that's the pilot issue)
The fewo-webapp property-scope guard predicate itself

Acceptance

Both decorators compile against the interfaces from uwe.admin/oatpp-authkit#7
Unit tests against the in-memory fake show:
- Temporal save closes the prior version
- Live read returns only the row with valid_until = sentinel
- Point-in-time read returns the version live at that time
- History returns all versions in order
- Scope guard short-circuits when the predicate returns false

Migrated from uwe.admin/webapp-scaffold#9 per the Option A decision. Builds on uwe.admin/oatpp-authkit#7. Decorators land under `oatpp-authkit/include/oatpp-authkit/repo/` next to the interfaces. --- Builds on uwe.admin/oatpp-authkit#7. Adds the two cross-cutting decorators that wrap any `Repository<T>` to enforce temporal versioning and resource-scope authorization respectively. ## Scope ### `TemporalRepository<TDto>` (requires `TDto : ITemporalEntity`) - Wraps an inner `Repository<TDto>` - On `save`: closes the previous version (sets `valid_until = now`) and inserts a new row with `valid_from = now`, `valid_until = '9999-12-31T23:59:59Z'` - On `findByEntityId(at: TemporalAt)`: filters by `valid_from <= at < valid_until` - Implements `IHistoryRepository<TDto>`: `history(entityId)` returns all versions ordered by `valid_from` ### `ScopeGuardRepository<TDto>` - Wraps an inner `Repository<TDto>` - Generic — does **not** know about "property" specifically. Takes a guard predicate as a constructor parameter: ```cpp std::function<bool(const ActorContext&, const TDto&)> isAllowed; ``` - On every method, evaluates the predicate against the resolved DTO; throws / denies on false. - The fewo-webapp-specific "property-scope" guard is wired up in fewo-webapp, not in oatpp-authkit. ## Out of scope - Wiring decorators into any concrete repo (that's the pilot issue) - The fewo-webapp property-scope guard predicate itself ## Acceptance - Both decorators compile against the interfaces from uwe.admin/oatpp-authkit#7 - Unit tests against the in-memory fake show: - Temporal save closes the prior version - Live read returns only the row with `valid_until = sentinel` - Point-in-time read returns the version live at that time - History returns all versions in order - Scope guard short-circuits when the predicate returns false

uwe.admin referenced this issue

2026-04-27 21:30:16 +02:00

Optional IQueryable<T> capability + in-house query AST (post-pilot follow-on) #9

uwe.admin referenced this issue from uwe.admin/webapp-scaffold

2026-04-27 21:30:16 +02:00

Add TemporalRepository<T> + ScopeGuardRepository<T> decorators #9

uwe.admin referenced this issue

2026-04-27 21:31:25 +02:00

Add Repository<T> interface + ITemporalEntity + IHistoryRepository<T> #7

uwe.admin commented

2026-04-27 21:31:38 +02:00

Author

Owner

Evaluation carried over from closed uwe.admin/webapp-scaffold#9; the migration comment at the top of this issue body summarises the prior eval. No additional design questions remain.

uwe.admin added the

evaluated

label 2026-04-27 21:31:38 +02:00

u.schuster added the

accepted

label 2026-04-27 22:38:33 +02:00

uwe.admin referenced this issue from a commit

2026-04-27 22:42:54 +02:00

#7: Repository<T> interface set + ITemporalEntity + IHistoryRepository<T>

uwe.admin referenced this issue

2026-04-27 22:43:01 +02:00

Add Repository<T> interface + ITemporalEntity + IHistoryRepository<T> #7

uwe.admin referenced this issue from a commit

2026-04-27 22:51:41 +02:00

#8: TemporalRepository<T> + ScopeGuardRepository<T> decorators

uwe.admin closed this issue

2026-04-27 22:51:41 +02:00

uwe.admin commented

2026-04-27 22:51:49 +02:00

Author

Owner

Implemented #8 → commit 08cd324 — TemporalRepository<T> + ScopeGuardRepository<T> under include/oatpp-authkit/repo/. All five acceptance criteria from the issue covered in test/test_repository_decorators.cpp; ctest now 6/6 green. README updated. Unblocks the fewo-webapp pilot at uwe.admin/fewo-webapp#457.

Implemented #8 → commit 08cd324 — `TemporalRepository<T>` + `ScopeGuardRepository<T>` under `include/oatpp-authkit/repo/`. All five acceptance criteria from the issue covered in `test/test_repository_decorators.cpp`; ctest now 6/6 green. README updated. Unblocks the fewo-webapp pilot at uwe.admin/fewo-webapp#457.

Rows
Columns

Add TemporalRepository<T> + ScopeGuardRepository<T> decorators #8

Scope

TemporalRepository<TDto> (requires TDto : ITemporalEntity)

ScopeGuardRepository<TDto>

Out of scope

Acceptance

`TemporalRepository<TDto>` (requires `TDto : ITemporalEntity`)

`ScopeGuardRepository<TDto>`