Move and update force RLS comment

2025-12-14 03:14:03 +00:00 · 2025-01-14 16:16:52 +01:00 · 2025-01-14 16:16:52 +01:00 · 3fabdf8f33
commit 3fabdf8f33
parent cf8546fe84
1 changed files with 8 additions and 7 deletions
--- a/src/Commands/CreateUserWithRLSPolicies.php
+++ b/src/Commands/CreateUserWithRLSPolicies.php
@ -22,6 +22,14 @@ class CreateUserWithRLSPolicies extends Command

    protected $description = "Creates RLS policies for all tables related to the tenant table. Also creates the RLS user if it doesn't exist yet";

+    /**
+     * Force RLS scoping on the tables, so that the table owner users
+     * don't bypass the scoping (table owners bypass RLS by default).
+     *
+     * E.g. when using a custom implementation where you create tables as the RLS user,
+     * the queries won't be scoped for the RLS user unless we force the RLS scoping using
+     * the `ALTER TABLE {$table} FORCE ROW LEVEL SECURITY` query in the `enableRLS` method.
+     */
    public static bool $forceRls = true;

    public function handle(PermissionControlledPostgreSQLSchemaManager $manager): int
@ -52,13 +60,6 @@ class CreateUserWithRLSPolicies extends Command
        DB::statement("ALTER TABLE {$table} ENABLE ROW LEVEL SECURITY");

        if (static::$forceRls) {
-            /**
-             * Force RLS scoping on the table, so that the table owner users
-             * don't bypass the scoping – table owners bypass RLS by default.
-             *
-             * E.g. when using a custom implementation where you create tables as the RLS user,
-             * the queries won't be scoped for the RLS user unless we force the RLS scoping using this query.
-             */
            DB::statement("ALTER TABLE {$table} FORCE ROW LEVEL SECURITY");
        }
    }