
Commit 04185ea

committed
Chore: define policies in table definition files
For tables `vibetype.notification` and `vibetype.notification_invitation` the policies were moved to the table files, making the policy files obsolete.
1 parent 748758a commit 04185ea

13 files changed

Lines changed: 300 additions & 1655 deletions

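--- a/src/deploy/table_notification.sql
+++ b/src/deploy/table_notification.sql
@@ -19,4 +19,13 @@ COMMENT ON COLUMN vibetype.notification.payload IS 'The notification''s payload.
 COMMENT ON COLUMN vibetype.notification.created_by IS E'@omit create\nReference to the account that created the notification.';
 COMMENT ON COLUMN vibetype.notification.created_at IS 'The timestamp of the notification''s creation.';
 
+GRANT SELECT, INSERT ON vibetype.notification TO vibetype_account;
+
+ALTER TABLE vibetype.notification ENABLE ROW LEVEL SECURITY;
+
+CREATE POLICY notification_all ON vibetype.notification FOR ALL
+USING (
+created_by = vibetype.invoker_account_id()
+);
+
 COMMIT;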
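Review bot: `notification_all` is declared FOR ALL with only a USING clause, so the same `created_by = vibetype.invoker_account_id()` expression silently doubles as the INSERT/UPDATE check; spelling it out with `WITH CHECK (created_by = vibetype.invoker_account_id())` makes that intent visible and keeps it intact if the USING expression is later relaxed. `ENABLE ROW LEVEL SECURITY` is also bypassed by the table owner, so if the application ever connects as the owning role the policy would not apply and `ALTER TABLE vibetype.notification FORCE ROW LEVEL SECURITY;` would be needed — which role the app uses cannot be told from this diff. The same two points apply to `notification_invitation_all` in src/deploy/table_notification_invitation.sql.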

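--- a/src/deploy/table_notification_invitation.sql
+++ b/src/deploy/table_notification_invitation.sql
@@ -10,4 +10,23 @@ COMMENT ON COLUMN vibetype.notification_invitation.guest_id IS 'The ID of the gu
 
 CREATE INDEX idx_invitation_guest_id ON vibetype.notification_invitation USING btree (guest_id);
 
+GRANT SELECT, INSERT ON vibetype.notification_invitation TO vibetype_account;
+
+ALTER TABLE vibetype.notification_invitation ENABLE ROW LEVEL SECURITY;
+
+CREATE POLICY notification_invitation_all ON vibetype.notification_invitation FOR ALL
+USING (
+created_by = vibetype.invoker_account_id()
+);
+
+CREATE POLICY notification_invitation_insert ON vibetype.notification_invitation FOR INSERT
+WITH CHECK (
+vibetype.invoker_account_id() = (
+SELECT e.created_by
+FROM vibetype.guest g
+JOIN vibetype.event e ON g.event_id = e.id
+WHERE g.id = guest_id
+)
+);
+
 COMMIT;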
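Review bot: `notification_invitation_insert` does not actually restrict inserts, because PostgreSQL combines permissive policies with OR and `notification_invitation_all` (FOR ALL with no WITH CHECK, so its USING clause is reused as the insert check) already admits any row whose `created_by` equals the invoker, regardless of `guest_id`. If the intent is that only the creator of the guest's event may insert, make the second policy restrictive: `CREATE POLICY notification_invitation_insert ON vibetype.notification_invitation AS RESTRICTIVE FOR INSERT`, or fold both conditions into one `WITH CHECK` on the first policy. Note also that the subquery over `vibetype.guest` and `vibetype.event` runs with the invoker's privileges and under whatever RLS those tables have, so the check yields NULL (and denies) when the invoker cannot see the guest row — worth a `-- runs as invoker; requires read access to guest/event` comment above the policy.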

src/deploy/table_notification_invitation_policy.sql

Lines changed: 0 additions & 22 deletions
This file was deleted.

src/deploy/table_notification_policy.sql

Lines changed: 0 additions & 12 deletions
This file was deleted.

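--- a/src/revert/table_notification.sql
+++ b/src/revert/table_notification.sql
@@ -1,5 +1,7 @@
 BEGIN;
 
+DROP POLICY notification_all ON vibetype.notification;
+
 DROP TABLE vibetype.notification;
 
 COMMIT;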
Lines changed: 3 additions & 0 deletions
@@ -1,5 +1,8 @@
11
BEGIN;
22

3+
DROP POLICY notification_invitation_all ON vibetype.notification_invitation;
4+
DROP POLICY notification_invitation_insert ON vibetype.notification_invitation;
5+
36
DROP TABLE vibetype.notification_invitation;
47

58
COMMIT;

src/revert/table_notification_invitation_policy.sql

Lines changed: 0 additions & 6 deletions
This file was deleted.

src/revert/table_notification_policy.sql

Lines changed: 0 additions & 5 deletions
This file was deleted.

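--- a/src/verify/table_notification.sql
+++ b/src/verify/table_notification.sql
@@ -8,4 +8,16 @@ SELECT id,
 created_at
 FROM vibetype.notification WHERE FALSE;
 
+DO $$
+BEGIN
+ASSERT (SELECT pg_catalog.has_table_privilege('vibetype_account', 'vibetype.notification', 'SELECT'));
+ASSERT (SELECT pg_catalog.has_table_privilege('vibetype_account', 'vibetype.notification', 'INSERT'));
+ASSERT NOT (SELECT pg_catalog.has_table_privilege('vibetype_account', 'vibetype.notification', 'UPDATE'));
+ASSERT NOT (SELECT pg_catalog.has_table_privilege('vibetype_account', 'vibetype.notification', 'DELETE'));
+ASSERT NOT (SELECT pg_catalog.has_table_privilege('vibetype_anonymous', 'vibetype.notification', 'SELECT'));
+ASSERT NOT (SELECT pg_catalog.has_table_privilege('vibetype_anonymous', 'vibetype.notification', 'INSERT'));
+ASSERT NOT (SELECT pg_catalog.has_table_privilege('vibetype_anonymous', 'vibetype.notification', 'UPDATE'));
+ASSERT NOT (SELECT pg_catalog.has_table_privilege('vibetype_anonymous', 'vibetype.notification', 'DELETE'));
+END $$;
+
 ROLLBACK;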
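Review bot: The new DO block verifies table privileges but not the thing this commit moves into the table file — that row level security is enabled and the policy exists — so a deploy that silently lost the `ALTER TABLE ... ENABLE ROW LEVEL SECURITY` or the `CREATE POLICY` would still verify while every `vibetype_account` row became visible to every account. Add inside the block `ASSERT (SELECT relrowsecurity FROM pg_catalog.pg_class WHERE oid = 'vibetype.notification'::regclass);` and `ASSERT EXISTS (SELECT 1 FROM pg_catalog.pg_policy WHERE polrelid = 'vibetype.notification'::regclass AND polname = 'notification_all');`. The same gap is in src/verify/table_notification_invitation.sql, which should assert both `notification_invitation_all` and `notification_invitation_insert`.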

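--- a/src/verify/table_notification_invitation.sql
+++ b/src/verify/table_notification_invitation.sql
@@ -13,4 +13,16 @@ SELECT
 FROM vibetype.notification_invitation
 WHERE FALSE;
 
+DO $$
+BEGIN
+ASSERT (SELECT pg_catalog.has_table_privilege('vibetype_account', 'vibetype.notification_invitation', 'SELECT'));
+ASSERT (SELECT pg_catalog.has_table_privilege('vibetype_account', 'vibetype.notification_invitation', 'INSERT'));
+ASSERT NOT (SELECT pg_catalog.has_table_privilege('vibetype_account', 'vibetype.notification_invitation', 'UPDATE'));
+ASSERT NOT (SELECT pg_catalog.has_table_privilege('vibetype_account', 'vibetype.notification_invitation', 'DELETE'));
+ASSERT NOT (SELECT pg_catalog.has_table_privilege('vibetype_anonymous', 'vibetype.notification_invitation', 'SELECT'));
+ASSERT NOT (SELECT pg_catalog.has_table_privilege('vibetype_anonymous', 'vibetype.notification_invitation', 'INSERT'));
+ASSERT NOT (SELECT pg_catalog.has_table_privilege('vibetype_anonymous', 'vibetype.notification_invitation', 'UPDATE'));
+ASSERT NOT (SELECT pg_catalog.has_table_privilege('vibetype_anonymous', 'vibetype.notification_invitation', 'DELETE'));
+END $$;
+
 ROLLBACK;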
