feat: add SHOW ACCESS ON NANOFLOW and DESCRIBE MERMAID for nanoflows

retran · retran · commit 613df5659e94 · 2026-04-24T10:44:28.000+02:00
diff --git a/mdl/ast/ast_query.go b/mdl/ast/ast_query.go
@@ -55,6 +55,7 @@ const (
 	ShowAccessOnMicroflow // SHOW ACCESS ON MICROFLOW Module.MF
 	ShowAccessOnPage      // SHOW ACCESS ON PAGE Module.Page
 	ShowAccessOnWorkflow  // SHOW ACCESS ON WORKFLOW Module.WF
+	ShowAccessOnNanoflow  // SHOW ACCESS ON NANOFLOW Module.NF
 	ShowSecurityMatrix    // SHOW SECURITY MATRIX [IN module]
 
 	// OData show types
@@ -160,6 +161,8 @@ func (t ShowObjectType) String() string {
 		return "ACCESS ON PAGE"
 	case ShowAccessOnWorkflow:
 		return "ACCESS ON WORKFLOW"
+	case ShowAccessOnNanoflow:
+		return "ACCESS ON NANOFLOW"
 	case ShowSecurityMatrix:
 		return "SECURITY MATRIX"
 	case ShowODataClients:
diff --git a/mdl/executor/cmd_mermaid.go b/mdl/executor/cmd_mermaid.go
@@ -37,6 +37,8 @@ func describeMermaid(ctx *ExecContext, objectType, name string) error {
 		return microflowToMermaid(ctx, qn)
 	case "page":
 		return pageToMermaid(ctx, qn)
+	case "nanoflow":
+		return nanoflowToMermaid(ctx, qn)
 	default:
 		return mdlerrors.NewUnsupported(fmt.Sprintf("mermaid format not supported for type: %s", objectType))
 	}
@@ -223,22 +225,56 @@ func microflowToMermaid(ctx *ExecContext, name ast.QualifiedName) error {
 		return mdlerrors.NewNotFound("microflow", name.String())
 	}
 
-	return renderMicroflowMermaid(ctx, targetMf, entityNames)
+	return renderFlowMermaid(ctx, targetMf.ObjectCollection, entityNames)
 }
 
-// renderMicroflowMermaid renders a microflow as a Mermaid flowchart.
-func renderMicroflowMermaid(ctx *ExecContext, mf *microflows.Microflow, entityNames map[model.ID]string) error {
+// nanoflowToMermaid renders a nanoflow as a Mermaid flowchart.
+func nanoflowToMermaid(ctx *ExecContext, name ast.QualifiedName) error {
+	h, err := getHierarchy(ctx)
+	if err != nil {
+		return mdlerrors.NewBackend("build hierarchy", err)
+	}
+
+	// Build entity name lookup
+	entityNames := make(map[model.ID]string)
+	domainModels, _ := ctx.Backend.ListDomainModels()
+	for _, dm := range domainModels {
+		modName := h.GetModuleName(dm.ContainerID)
+		for _, entity := range dm.Entities {
+			entityNames[entity.ID] = modName + "." + entity.Name
+		}
+	}
+
+	// Find the nanoflow
+	allNanoflows, err := ctx.Backend.ListNanoflows()
+	if err != nil {
+		return mdlerrors.NewBackend("list nanoflows", err)
+	}
+
+	for _, nf := range allNanoflows {
+		modID := h.FindModuleID(nf.ContainerID)
+		modName := h.GetModuleName(modID)
+		if modName == name.Module && nf.Name == name.Name {
+			return renderFlowMermaid(ctx, nf.ObjectCollection, entityNames)
+		}
+	}
+
+	return mdlerrors.NewNotFound("nanoflow", name.String())
+}
+
+// renderFlowMermaid renders a flow's object collection as a Mermaid flowchart.
+func renderFlowMermaid(ctx *ExecContext, oc *microflows.MicroflowObjectCollection, entityNames map[model.ID]string) error {
 	var sb strings.Builder
 	sb.WriteString("flowchart LR\n")
 
-	if mf.ObjectCollection == nil || len(mf.ObjectCollection.Objects) == 0 {
+	if oc == nil || len(oc.Objects) == 0 {
 		sb.WriteString("    start([Start]) --> stop([End])\n")
 		fmt.Fprint(ctx.Output, sb.String())
 		return nil
 	}
 
 	// Collect all objects and flows recursively (including nested loop bodies)
-	allObjects, allFlows := collectAllObjectsAndFlows(mf.ObjectCollection)
+	allObjects, allFlows := collectAllObjectsAndFlows(oc)
 
 	// Build activity map and find start event
 	activityMap := make(map[model.ID]microflows.MicroflowObject)
diff --git a/mdl/executor/cmd_mermaid_mock_test.go b/mdl/executor/cmd_mermaid_mock_test.go
@@ -114,7 +114,7 @@ func TestDescribeMermaid_UnsupportedType(t *testing.T) {
 	}
 
 	ctx, _ := newMockCtx(t, withBackend(mb))
-	err := describeMermaid(ctx, "nanoflow", "MyModule.Something")
+	err := describeMermaid(ctx, "workflow", "MyModule.Something")
 	assertError(t, err)
 	assertContainsStr(t, fmt.Sprint(err), "not supported")
 }
diff --git a/mdl/executor/cmd_security.go b/mdl/executor/cmd_security.go
@@ -401,6 +401,52 @@ func listAccessOnWorkflow(ctx *ExecContext, name *ast.QualifiedName) error {
 	return mdlerrors.NewUnsupported("show access on workflow is not supported: Mendix workflows do not have document-level AllowedModuleRoles (unlike microflows and pages). Workflow access is controlled through the microflow that triggers the workflow and UserTask targeting")
 }
 
+// listAccessOnNanoflow handles SHOW ACCESS ON NANOFLOW Module.NF.
+func listAccessOnNanoflow(ctx *ExecContext, name *ast.QualifiedName) error {
+	if name == nil {
+		return mdlerrors.NewValidation("nanoflow name required")
+	}
+
+	h, err := getHierarchy(ctx)
+	if err != nil {
+		return mdlerrors.NewBackend("build hierarchy", err)
+	}
+
+	nfs, err := ctx.Backend.ListNanoflows()
+	if err != nil {
+		return mdlerrors.NewBackend("list nanoflows", err)
+	}
+
+	for _, nf := range nfs {
+		modName := h.GetModuleName(h.FindModuleID(nf.ContainerID))
+		if modName == name.Module && nf.Name == name.Name {
+			if ctx.Format == FormatJSON {
+				result := &TableResult{Columns: []string{"Module", "Role"}}
+				for _, role := range nf.AllowedModuleRoles {
+					parts := strings.SplitN(string(role), ".", 2)
+					mod, r := "", string(role)
+					if len(parts) == 2 {
+						mod, r = parts[0], parts[1]
+					}
+					result.Rows = append(result.Rows, []any{mod, r})
+				}
+				return writeResult(ctx, result)
+			}
+			if len(nf.AllowedModuleRoles) == 0 {
+				fmt.Fprintf(ctx.Output, "No module roles granted execute access on %s.%s\n", modName, nf.Name)
+				return nil
+			}
+			fmt.Fprintf(ctx.Output, "Allowed module roles for %s.%s:\n", modName, nf.Name)
+			for _, role := range nf.AllowedModuleRoles {
+				fmt.Fprintf(ctx.Output, "  %s\n", string(role))
+			}
+			return nil
+		}
+	}
+
+	return mdlerrors.NewNotFound("nanoflow", name.String())
+}
+
 // listSecurityMatrix handles SHOW SECURITY MATRIX [IN module].
 func listSecurityMatrix(ctx *ExecContext, moduleName string) error {
 	if ctx.Format == FormatJSON {
diff --git a/mdl/executor/executor_query.go b/mdl/executor/executor_query.go
@@ -75,6 +75,8 @@ func execShow(ctx *ExecContext, s *ast.ShowStmt) error {
 		return listAccessOnPage(ctx, s.Name)
 	case ast.ShowAccessOnWorkflow:
 		return listAccessOnWorkflow(ctx, s.Name)
+	case ast.ShowAccessOnNanoflow:
+		return listAccessOnNanoflow(ctx, s.Name)
 	case ast.ShowSecurityMatrix:
 		return listSecurityMatrix(ctx, s.InModule)
 	case ast.ShowODataClients:
diff --git a/mdl/grammar/MDLParser.g4 b/mdl/grammar/MDLParser.g4
@@ -3075,6 +3075,7 @@ showStatement
     | showOrList ACCESS ON MICROFLOW qualifiedName
     | showOrList ACCESS ON PAGE qualifiedName
     | showOrList ACCESS ON WORKFLOW qualifiedName
+    | showOrList ACCESS ON NANOFLOW qualifiedName
     | showOrList SECURITY MATRIX (IN (qualifiedName | IDENTIFIER))?
     | showOrList ODATA CLIENTS (IN (qualifiedName | IDENTIFIER))?
     | showOrList ODATA SERVICES (IN (qualifiedName | IDENTIFIER))?
diff --git a/mdl/grammar/parser/MDLParser.interp b/mdl/grammar/parser/MDLParser.interp
diff --git a/mdl/grammar/parser/mdl_parser.go b/mdl/grammar/parser/mdl_parser.go
diff --git a/mdl/visitor/visitor_query.go b/mdl/visitor/visitor_query.go

Original file line number	Diff line number	Diff line change
`@@ -114,7 +114,7 @@ func TestDescribeMermaid_UnsupportedType(t *testing.T) {`
`114`	`114`	`}`
`115`	`115`
`116`	`116`	`ctx, _ := newMockCtx(t, withBackend(mb))`
`117`		`- err := describeMermaid(ctx, "nanoflow", "MyModule.Something")`
	`117`	`+ err := describeMermaid(ctx, "workflow", "MyModule.Something")`
`118`	`118`	`assertError(t, err)`
`119`	`119`	`assertContainsStr(t, fmt.Sprint(err), "not supported")`
`120`	`120`	`}`