From f385fc635874db694b5ff404e7ff9658c528faa4 Mon Sep 17 00:00:00 2001
From: bkellam
Date: Wed, 17 Sep 2025 16:47:41 -0700
Subject: [PATCH] RLS experiment
---
.../20250917223900_repo_rls/migration.sql | 23 +++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 packages/db/prisma/migrations/20250917223900_repo_rls/migration.sql
diff --git a/packages/db/prisma/migrations/20250917223900_repo_rls/migration.sql b/packages/db/prisma/migrations/20250917223900_repo_rls/migration.sql
new file mode 100644
index 00000000..cf37c398
--- /dev/null
+++ b/packages/db/prisma/migrations/20250917223900_repo_rls/migration.sql
@@ -0,0 +1,23 @@
+
+ALTER TABLE "Repo" ENABLE ROW LEVEL SECURITY;
+ALTER TABLE "Repo" FORCE ROW LEVEL SECURITY;
+
+-- Policy that enforces repository permissions.
+CREATE POLICY repo_access_policy ON "Repo"
+ USING (
+ (
+ CASE
+ WHEN current_setting('sourcebot.current_user_id', true) = ''
+ THEN false
+
+ ELSE EXISTS (
+ SELECT 1
+ FROM "UserToRepoPermission"
+ WHERE "repoId" = "Repo"."id"
+ AND "userId" = current_setting('sourcebot.current_user_id', true)
+ )
+ END
+ )
+ );
+
+CREATE POLICY bypass_rls ON "Repo" USING (current_setting('sourcebot.bypass_rls', TRUE)::text = 'on');
\ No newline at end of file
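Review bot: The `bypass_rls` policy on the last added line depends on `sourcebot.bypass_rls`, a custom setting that any role able to run `SET` or `set_config()` on the connection can change. The same holds for `sourcebot.current_user_id` in `repo_access_policy`, and because both policies are permissive they are OR-ed, so the row filter is only as strong as the guarantee that no caller-influenced SQL reaches the session. If the bypass is meant for a background or admin path, binding it to a dedicated database role keeps it off the request path, e.g. `CREATE POLICY bypass_rls ON "Repo" TO <service_role> USING (true);` (the role name is a placeholder). Neither policy has a `FOR` or `WITH CHECK` clause, so the `USING` expression also governs INSERT and UPDATE; a comment such as `-- applies to all commands; new "Repo" rows must be written with bypass enabled` would state whether that is intended, since a new row presumably has no `"UserToRepoPermission"` entry yet. A header comment should also record that `FORCE ROW LEVEL SECURITY` does not constrain superusers or roles with `BYPASSRLS`, and that on pooled connections the settings need to be transaction-local (`set_config(name, value, true)`), which this diff does not show.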