archtechx/tenancy
1
0
Fork 0
mirror of https://github.com/archtechx/tenancy.git synced 2026-02-05 18:54:03 +00:00
Code Activity

Scope queries using Postgres RLS (WIP)

Browse source
This commit is contained in:
lukinovec 2023-05-09 16:07:06 +02:00
parent 3c098dc78e
commit 17d779e130
6 changed files with 71 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/Commands/CreateRLSPoliciesForTenantTables.php
View file

@ -35,7 +35,7 @@ class CreateRLSPoliciesForTenantTables extends Command
{$parentKey} IN (
SELECT id
FROM {$parentTable}
WHERE ({$tenantKey}::TEXT = (
WHERE ({$tenantKey}::UUID = (
SELECT {$tenantKey}
FROM {$parentTable}
WHERE id = {$parentKey}
@ -43,7 +43,7 @@ class CreateRLSPoliciesForTenantTables extends Command
)
)");
DB::statement("ALTER TABLE {$table} FORCE ROW LEVEL SECURITY");
$this->makeTableUseRls($table);
} else {
$modelName = $model::class;
$this->components->info("Table '$table' is not related to tenant. Make sure $modelName uses the BelongsToPrimaryModel trait.");
@ -51,7 +51,7 @@ class CreateRLSPoliciesForTenantTables extends Command
} else {
DB::statement("CREATE POLICY {$table}_rls_policy ON {$table} USING ({$tenantKey}::TEXT = current_user);");
DB::statement("ALTER TABLE {$table} FORCE ROW LEVEL SECURITY");
$this->makeTableUseRls($table);
$this->components->info("Created RLS policy for table '$table'");
}
@ -64,4 +64,10 @@ class CreateRLSPoliciesForTenantTables extends Command
{
return array_map(fn (string $modelName) => (new $modelName), config('tenancy.models.rls'));
}
protected function makeTableUseRls(string $table): void
{
DB::statement("ALTER TABLE {$table} ENABLE ROW LEVEL SECURITY");
DB::statement("ALTER TABLE {$table} FORCE ROW LEVEL SECURITY");
}
}