From 05b602e37f8b64238944475ce479b0bff675b880 Mon Sep 17 00:00:00 2001
From: Alec
Date: Mon, 30 Dec 2024 17:02:50 -0600
Subject: [PATCH] fix: no primary key on RLS views (#1280)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* fix: no primary key on RLS views
* test: add RLS view regression
* verify and slightly refactor regression test
---------
Co-authored-by: Samuel Ć tancl
---
 ...ssionControlledPostgreSQLSchemaManager.php | 2 +-
 tests/RLS/PolicyTest.php | 24 +++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/Database/TenantDatabaseManagers/PermissionControlledPostgreSQLSchemaManager.php b/src/Database/TenantDatabaseManagers/PermissionControlledPostgreSQLSchemaManager.php
index fda4a836..5462eafe 100644
--- a/src/Database/TenantDatabaseManagers/PermissionControlledPostgreSQLSchemaManager.php
+++ b/src/Database/TenantDatabaseManagers/PermissionControlledPostgreSQLSchemaManager.php
@@ -27,7 +27,7 @@ class PermissionControlledPostgreSQLSchemaManager extends PostgreSQLSchemaManage
 $this->connection()->statement("GRANT USAGE, CREATE ON SCHEMA \"{$schema}\" TO \"{$username}\"");
 $this->connection()->statement("GRANT USAGE ON ALL SEQUENCES IN SCHEMA \"{$schema}\" TO \"{$username}\"");
 
- $tables = $this->connection()->select("SELECT table_name FROM information_schema.tables WHERE table_schema = '{$schema}'");
+ $tables = $this->connection()->select("SELECT table_name FROM information_schema.tables WHERE table_schema = '{$schema}' AND table_type = 'BASE TABLE'");
 
 // Grant permissions to any existing tables. This is used with RLS
 // todo@samuel refactor this along with the todo in TenantDatabaseManager
diff --git a/tests/RLS/PolicyTest.php b/tests/RLS/PolicyTest.php
index dd7c502d..7c7165bc 100644
--- a/tests/RLS/PolicyTest.php
+++ b/tests/RLS/PolicyTest.php
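Review bot: In the first hunk (PermissionControlledPostgreSQLSchemaManager.php), the rewritten `$tables` query still interpolates `$schema` into a single-quoted SQL literal, so a schema name containing a quote would break or alter the statement. Where `$schema` comes from is outside the hunk, so whether it can ever be influenced by tenant-supplied data cannot be told from here. Unlike the two GRANT statements above it, where the value is an identifier, this one is a plain value and can be bound: `->select("SELECT table_name FROM information_schema.tables WHERE table_schema = ? AND table_type = 'BASE TABLE'", [$schema])`. A short comment above the query would also record why views are filtered out, e.g. `// BASE TABLE only: views have no primary key and made tenants:rls fail (#1280)`. The enclosing method starts and ends outside the hunk.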
@@ -78,6 +78,30 @@ beforeEach(function () {
 });
 });
 
+// Regression test for https://github.com/archtechx/tenancy/pull/1280
+test('rls command doesnt fail when a view is in the database', function (string $manager) {
+ DB::statement("
+ CREATE VIEW post_comments AS
+ SELECT
+ comments.id AS comment_id,
+ posts.id AS post_id
+ FROM comments
+ INNER JOIN posts
+ ON posts.id = comments.post_id
+ ");
+
+ // Inherit RLS rules from joined tables
+ DB::statement("ALTER VIEW post_comments SET (security_invoker = on)");
+
+ config(['tenancy.rls.manager' => $manager]);
+
+ // throws an exception without the patch
+ pest()->artisan('tenants:rls');
+})->with([
+ TableRLSManager::class,
+ TraitRLSManager::class,
+])->throwsNoExceptions();
+
 test('postgres user gets created using the rls command', function(string $manager) {
 config(['tenancy.rls.manager' => $manager]);
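Review bot: The new regression test pins only that `tenants:rls` completes (`throwsNoExceptions()`), not what access the tenant role ends up with on `post_comments`. The patched query in the schema manager now leaves views out of the table list, and the grant loop that consumes that list is not visible here. It would be worth asserting the intended outcome as well: for example, that a query through the `security_invoker` view as the tenant user returns only that tenant's rows, or fails if that is the design. Until such an assertion exists, a comment in the test body such as `// Only checks that the command runs; privileges on the view are not asserted here` would keep readers from taking this test as coverage of RLS enforcement on views.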