From fdd9b10bf0322eba53ff58fdfa059c2360645e90 Mon Sep 17 00:00:00 2001 From: Hongbo Wu Date: Wed, 13 Jul 2022 16:06:40 +0800 Subject: [PATCH] add delete_user_rls to user table --- .../0086.undo.grant_delete_on_user_table.sql | 2 +- .../migrations/0087.do.grant_delete_rls_on_user.sql | 11 +++++++++++ .../migrations/0087.undo.grant_delete_rls_on_user.sql | 9 +++++++++ 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100755 packages/db/migrations/0087.do.grant_delete_rls_on_user.sql create mode 100755 packages/db/migrations/0087.undo.grant_delete_rls_on_user.sql diff --git a/packages/db/migrations/0086.undo.grant_delete_on_user_table.sql b/packages/db/migrations/0086.undo.grant_delete_on_user_table.sql index 0dd09b6ff..7422cecbc 100755 --- a/packages/db/migrations/0086.undo.grant_delete_on_user_table.sql +++ b/packages/db/migrations/0086.undo.grant_delete_on_user_table.sql @@ -4,6 +4,6 @@ BEGIN; --- do nothing here, there's no reason to undo this migration. +REVOKE DELETE ON omnivore.user FROM omnivore_user; COMMIT; diff --git a/packages/db/migrations/0087.do.grant_delete_rls_on_user.sql b/packages/db/migrations/0087.do.grant_delete_rls_on_user.sql new file mode 100755 index 000000000..dd7891df5 --- /dev/null +++ b/packages/db/migrations/0087.do.grant_delete_rls_on_user.sql @@ -0,0 +1,11 @@ +-- Type: DO +-- Name: grant_delete_rls_on_users +-- Description: Add RLS delete permission to the users table + +BEGIN; + +CREATE POLICY delete_users on omnivore.user + FOR DELETE TO omnivore_user + USING (id = omnivore.get_current_user_id()); + +COMMIT; diff --git a/packages/db/migrations/0087.undo.grant_delete_rls_on_user.sql b/packages/db/migrations/0087.undo.grant_delete_rls_on_user.sql new file mode 100755 index 000000000..f23c544ce --- /dev/null +++ b/packages/db/migrations/0087.undo.grant_delete_rls_on_user.sql @@ -0,0 +1,9 @@ +-- Type: UNDO +-- Name: grant_delete_rls_on_users +-- Description: Add RLS delete permission to the users table + +BEGIN; + +DROP POLICY delete_users ON omnivore.user; + +COMMIT;