ti.sil/sourcebot
1
0
Fork 0
mirror of https://github.com/sourcebot-dev/sourcebot.git synced 2025-12-11 20:05:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

RLS experiment

Browse source
This commit is contained in:
bkellam 2025-09-17 16:47:41 -07:00
parent 0a3a63c8f0
commit f385fc6358
1 changed files with 23 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
packages/db/prisma/migrations/20250917223900_repo_rls/migration.sql Normal file
View file

@ -0,0 +1,23 @@
ALTER TABLE "Repo" ENABLE ROW LEVEL SECURITY;
ALTER TABLE "Repo" FORCE ROW LEVEL SECURITY;
-- Policy that enforces repository permissions.
CREATE POLICY repo_access_policy ON "Repo"
USING (
(
CASE
WHEN current_setting('sourcebot.current_user_id', true) = ''
THEN false
ELSE EXISTS (
SELECT 1
FROM "UserToRepoPermission"
WHERE "repoId" = "Repo"."id"
AND "userId" = current_setting('sourcebot.current_user_id', true)
)
END
)
);
CREATE POLICY bypass_rls ON "Repo" USING (current_setting('sourcebot.bypass_rls', TRUE)::text = 'on');