archtechx/tenancy
1
0
Fork 0
mirror of https://github.com/archtechx/tenancy.git synced 2025-12-12 20:34:03 +00:00
Code Activity

fix: no primary key on RLS views (#1280)

Browse source 
* fix: no primary key on RLS views

* test: add RLS view regression

* verify and slightly refactor regression test

---------

Co-authored-by: Samuel Štancl <samuel@archte.ch>
This commit is contained in:
Alec 2024-12-30 17:02:50 -06:00 committed by GitHub
parent eff41553d7
commit 05b602e37f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 25 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Database/TenantDatabaseManagers/PermissionControlledPostgreSQLSchemaManager.php
View file

@ -27,7 +27,7 @@ class PermissionControlledPostgreSQLSchemaManager extends PostgreSQLSchemaManage
$this->connection()->statement("GRANT USAGE, CREATE ON SCHEMA \"{$schema}\" TO \"{$username}\""); $this->connection()->statement("GRANT USAGE, CREATE ON SCHEMA \"{$schema}\" TO \"{$username}\"");
$this->connection()->statement("GRANT USAGE ON ALL SEQUENCES IN SCHEMA \"{$schema}\" TO \"{$username}\""); $this->connection()->statement("GRANT USAGE ON ALL SEQUENCES IN SCHEMA \"{$schema}\" TO \"{$username}\"");
$tables = $this->connection()->select("SELECT table_name FROM information_schema.tables WHERE table_schema = '{$schema}'"); $tables = $this->connection()->select("SELECT table_name FROM information_schema.tables WHERE table_schema = '{$schema}' AND table_type = 'BASE TABLE'");
// Grant permissions to any existing tables. This is used with RLS // Grant permissions to any existing tables. This is used with RLS
// todo@samuel refactor this along with the todo in TenantDatabaseManager // todo@samuel refactor this along with the todo in TenantDatabaseManager

24
tests/RLS/PolicyTest.php
View file

@ -78,6 +78,30 @@ beforeEach(function () {
}); });
}); });
// Regression test for https://github.com/archtechx/tenancy/pull/1280
test('rls command doesnt fail when a view is in the database', function (string $manager) {
DB::statement("
CREATE VIEW post_comments AS
SELECT
comments.id AS comment_id,
posts.id AS post_id
FROM comments
INNER JOIN posts
ON posts.id = comments.post_id
");
// Inherit RLS rules from joined tables
DB::statement("ALTER VIEW post_comments SET (security_invoker = on)");
config(['tenancy.rls.manager' => $manager]);
// throws an exception without the patch
pest()->artisan('tenants:rls');
})->with([
TableRLSManager::class,
TraitRLSManager::class,
])->throwsNoExceptions();
test('postgres user gets created using the rls command', function(string $manager) { test('postgres user gets created using the rls command', function(string $manager) {
config(['tenancy.rls.manager' => $manager]); config(['tenancy.rls.manager' => $manager]);