mirror of
https://github.com/archtechx/tenancy.git
synced 2026-02-05 05:44:04 +00:00
Update RLS policy command (use DB transactions, improve nesting)
This commit is contained in:
lukinovec
parent
0991f62aa5
commit
0a6c1b69ea
1 changed files with 34 additions and 22 deletions
|
|
@ -7,6 +7,7 @@ namespace Stancl\Tenancy\Commands;
|
||||||
use Illuminate\Console\Command;
|
use Illuminate\Console\Command;
|
||||||
use Illuminate\Support\Facades\DB;
|
use Illuminate\Support\Facades\DB;
|
||||||
use Illuminate\Support\Facades\Schema;
|
use Illuminate\Support\Facades\Schema;
|
||||||
|
use Illuminate\Database\Eloquent\Model;
|
||||||
use Stancl\Tenancy\Database\Concerns\BelongsToPrimaryModel;
|
use Stancl\Tenancy\Database\Concerns\BelongsToPrimaryModel;
|
||||||
|
|
||||||
class CreateRLSPoliciesForTenantTables extends Command
|
class CreateRLSPoliciesForTenantTables extends Command
|
||||||
|
|
@ -21,35 +22,19 @@ class CreateRLSPoliciesForTenantTables extends Command
|
||||||
foreach ($tenantModels as $model) {
|
foreach ($tenantModels as $model) {
|
||||||
$table = $model->getTable();
|
$table = $model->getTable();
|
||||||
|
|
||||||
DB::statement("DROP POLICY IF EXISTS {$table}_rls_policy ON {$table}");
|
DB::transaction(fn () => DB::statement("DROP POLICY IF EXISTS {$table}_rls_policy ON {$table}"));
|
||||||
|
|
||||||
if (! Schema::hasColumn($table, $tenantKey)) {
|
if (! Schema::hasColumn($table, $tenantKey)) {
|
||||||
// Table is not directly related to tenant
|
// Table is not directly related to tenant
|
||||||
if (in_array(BelongsToPrimaryModel::class, class_uses_recursive($model::class))) {
|
if (in_array(BelongsToPrimaryModel::class, class_uses_recursive($model::class))) {
|
||||||
$parentName = $model->getRelationshipToPrimaryModel();
|
$this->makeModelUseRls($model);
|
||||||
$parentKey = $model->$parentName()->getForeignKeyName();
|
|
||||||
$parentModel = $model->$parentName()->make();
|
|
||||||
$parentTable = str($parentModel->getTable())->toString();
|
|
||||||
|
|
||||||
DB::statement("CREATE POLICY {$table}_rls_policy ON {$table} USING (
|
|
||||||
{$parentKey} IN (
|
|
||||||
SELECT id
|
|
||||||
FROM {$parentTable}
|
|
||||||
WHERE ({$tenantKey} = (
|
|
||||||
SELECT {$tenantKey}
|
|
||||||
FROM {$parentTable}
|
|
||||||
WHERE id = {$parentKey}
|
|
||||||
))
|
|
||||||
)
|
|
||||||
)");
|
|
||||||
|
|
||||||
$this->makeTableUseRls($table);
|
|
||||||
} else {
|
} else {
|
||||||
$modelName = $model::class;
|
$modelName = $model::class;
|
||||||
|
|
||||||
$this->components->info("Table '$table' is not related to tenant. Make sure $modelName uses the BelongsToPrimaryModel trait.");
|
$this->components->info("Table '$table' is not related to tenant. Make sure $modelName uses the BelongsToPrimaryModel trait.");
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
DB::statement("CREATE POLICY {$table}_rls_policy ON {$table} USING ({$tenantKey}::TEXT = current_user);");
|
DB::transaction(fn () => DB::statement("CREATE POLICY {$table}_rls_policy ON {$table} USING ({$tenantKey}::TEXT = current_user);"));
|
||||||
|
|
||||||
$this->makeTableUseRls($table);
|
$this->makeTableUseRls($table);
|
||||||
|
|
||||||
|
|
@ -65,9 +50,36 @@ class CreateRLSPoliciesForTenantTables extends Command
|
||||||
return array_map(fn (string $modelName) => (new $modelName), config('tenancy.models.rls'));
|
return array_map(fn (string $modelName) => (new $modelName), config('tenancy.models.rls'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function makeModelUseRls(Model $model): void
|
||||||
|
{
|
||||||
|
$table = $model->getTable();
|
||||||
|
$tenantKey = tenancy()->tenantKeyColumn();
|
||||||
|
|
||||||
|
$parentName = $model->getRelationshipToPrimaryModel();
|
||||||
|
$parentKey = $model->$parentName()->getForeignKeyName();
|
||||||
|
$parentModel = $model->$parentName()->make();
|
||||||
|
$parentTable = str($parentModel->getTable())->toString();
|
||||||
|
|
||||||
|
DB::transaction(fn () => DB::statement("CREATE POLICY {$table}_rls_policy ON {$table} USING (
|
||||||
|
{$parentKey} IN (
|
||||||
|
SELECT id
|
||||||
|
FROM {$parentTable}
|
||||||
|
WHERE ({$tenantKey} = (
|
||||||
|
SELECT {$tenantKey}
|
||||||
|
FROM {$parentTable}
|
||||||
|
WHERE id = {$parentKey}
|
||||||
|
))
|
||||||
|
)
|
||||||
|
)"));
|
||||||
|
|
||||||
|
$this->makeTableUseRls($table);
|
||||||
|
}
|
||||||
|
|
||||||
protected function makeTableUseRls(string $table): void
|
protected function makeTableUseRls(string $table): void
|
||||||
{
|
{
|
||||||
DB::statement("ALTER TABLE {$table} ENABLE ROW LEVEL SECURITY");
|
DB::transaction(function () use ($table) {
|
||||||
DB::statement("ALTER TABLE {$table} FORCE ROW LEVEL SECURITY");
|
DB::statement("ALTER TABLE {$table} ENABLE ROW LEVEL SECURITY");
|
||||||
|
DB::statement("ALTER TABLE {$table} FORCE ROW LEVEL SECURITY");
|
||||||
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue