fix(db): Onda 19 follow-up — track trigger functions + restaurar segurança da view #219
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,116 @@ | ||
| -- ================================================================= | ||
| -- Onda 19 follow-up: rastrear funções de trigger + restaurar segurança da view | ||
| -- | ||
| -- Contexto (PR #214 review items não resolvidos): | ||
| -- | ||
| -- P1 (CodeRabbit) — fn_quotes_calc_real_values e fn_kit_print_area_normalizar_eixos | ||
| -- existiam apenas como drift de PROD; não estavam em nenhuma migration. | ||
| -- Em `supabase db reset` / novo ambiente, os triggers recriados pela Onda 19 | ||
| -- falhariam com "function does not exist". Este migration registra as | ||
| -- definições exatas conforme extraído de PROD em 2026-05-15. | ||
| -- | ||
| -- P1/P2 (Copilot + CodeRabbit) — DROP+RECREATE de v_audit_paradoxos_gravacao | ||
| -- na Onda 19 resetou `security_invoker` e grants: anon e authenticated | ||
| -- receberam acesso completo (confirmado via pg_class.relacl). A view é | ||
| -- classificada como "auditoria interna / service_role apenas" em | ||
| -- docs/redeploy/REDEPLOY-FASE2-EXECUTION-LOG.md — hardening revertido. | ||
| -- | ||
| -- Padrão aplicado (idêntico a T15 e t34b): | ||
| -- ALTER VIEW ... SET (security_invoker = true) | ||
| -- REVOKE ALL ... FROM anon | ||
| -- REVOKE ALL ... FROM authenticated | ||
| -- ================================================================= | ||
|
|
||
| BEGIN; | ||
|
|
||
| -- ---------------------------------------------------------------- | ||
| -- 1. fn_quotes_calc_real_values | ||
| -- Trigger BEFORE em quotes: calcula real_subtotal e real_discount_percent | ||
| -- a partir do subtotal com markup já aplicado (negotiation_markup_percent). | ||
| -- Limite de markup: 0-50% (LEAST/GREATEST). | ||
| -- ---------------------------------------------------------------- | ||
| CREATE OR REPLACE FUNCTION public.fn_quotes_calc_real_values() | ||
|
There was a problem hiding this comment.
In a fresh database these new trigger functions are created after Useful? React with 👍 / 👎. |
||
| RETURNS trigger | ||
| LANGUAGE plpgsql | ||
| SET search_path TO 'pg_catalog', 'public' | ||
| AS $function$ | ||
|
Comment on lines
+24
to
+36
|
||
| DECLARE | ||
| v_markup numeric; | ||
| BEGIN | ||
| v_markup := LEAST(50, GREATEST(0, COALESCE(NEW.negotiation_markup_percent, 0))); | ||
| NEW.negotiation_markup_percent := v_markup; | ||
|
|
||
| IF v_markup > 0 THEN | ||
| NEW.real_subtotal := ROUND(NEW.subtotal / (1 + v_markup / 100.0), 2); | ||
| ELSE | ||
| NEW.real_subtotal := NEW.subtotal; | ||
| END IF; | ||
|
|
||
| IF NEW.real_subtotal > 0 THEN | ||
| NEW.real_discount_percent := ROUND( | ||
| ((NEW.real_subtotal - (NEW.subtotal - COALESCE(NEW.discount_amount, 0))) / NEW.real_subtotal) * 100, | ||
| 2 | ||
| ); | ||
| ELSE | ||
| NEW.real_discount_percent := 0; | ||
| END IF; | ||
|
|
||
| RETURN NEW; | ||
| END | ||
|
|
||
| $function$; | ||
|
Comment on lines
+59
to
+60
There was a problem hiding this comment.
PostgreSQL parses the dollar-quoted body as PL/pgSQL and the final Useful? React with 👍 / 👎. |
||
|
|
||
| COMMENT ON FUNCTION public.fn_quotes_calc_real_values() IS | ||
| 'Onda 19 follow-up: registra em migrations função que existia só como drift. ' | ||
| 'Calcula real_subtotal e real_discount_percent a partir do subtotal COM markup; ' | ||
| 'clamp markup 0-50%. Usada pelo trigger trg_quotes_calc_real_values.'; | ||
|
|
||
| -- ---------------------------------------------------------------- | ||
| -- 2. fn_kit_print_area_normalizar_eixos | ||
| -- Trigger BEFORE em kit_component_print_areas: arredonda max_width/max_height | ||
| -- a 2 casas decimais e garante largura >= altura (normalização de eixos). | ||
| -- ---------------------------------------------------------------- | ||
| CREATE OR REPLACE FUNCTION public.fn_kit_print_area_normalizar_eixos() | ||
| RETURNS trigger | ||
| LANGUAGE plpgsql | ||
| SET search_path TO 'pg_catalog', 'public' | ||
| AS $function$ | ||
| DECLARE | ||
| v_temp numeric; | ||
| BEGIN | ||
| -- Arredondar a 2 casas decimais (resolução 1mm) - GAP #6 | ||
| IF NEW.max_width IS NOT NULL THEN | ||
| NEW.max_width := ROUND(NEW.max_width::numeric, 2); | ||
| END IF; | ||
| IF NEW.max_height IS NOT NULL THEN | ||
| NEW.max_height := ROUND(NEW.max_height::numeric, 2); | ||
| END IF; | ||
|
|
||
| -- Normalizar eixos: largura sempre >= altura - GAP #10 | ||
| IF NEW.max_height IS NOT NULL AND NEW.max_width IS NOT NULL | ||
| AND NEW.max_height > NEW.max_width THEN | ||
| v_temp := NEW.max_width; | ||
| NEW.max_width := NEW.max_height; | ||
| NEW.max_height := v_temp; | ||
| END IF; | ||
|
|
||
| RETURN NEW; | ||
| END | ||
| $function$; | ||
|
|
||
| COMMENT ON FUNCTION public.fn_kit_print_area_normalizar_eixos() IS | ||
| 'Onda 19 follow-up: registra em migrations função que existia só como drift. ' | ||
| 'Arredonda max_width/max_height a 2 casas e normaliza eixos (largura >= altura). ' | ||
| 'Usada pelo trigger trg_kit_print_area_normalizar_eixos.'; | ||
|
|
||
| -- ---------------------------------------------------------------- | ||
| -- 3. Restaurar hardening de v_audit_paradoxos_gravacao | ||
| -- A Onda 19 fez DROP + CREATE OR REPLACE que resetou reloptions e ACL. | ||
| -- pg_class.relacl pós-Onda19 confirmou: anon e authenticated com acesso total. | ||
| -- View é interna/service_role-only (REDEPLOY-FASE2-EXECUTION-LOG.md). | ||
| -- ---------------------------------------------------------------- | ||
| ALTER VIEW public.v_audit_paradoxos_gravacao SET (security_invoker = true); | ||
|
|
||
| REVOKE ALL ON public.v_audit_paradoxos_gravacao FROM anon; | ||
| REVOKE ALL ON public.v_audit_paradoxos_gravacao FROM authenticated; | ||
|
|
||
| COMMIT; | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This migration is timestamped after
20260515030000_onda19_numeric_precision.sql, but that earlier migration recreatestrg_quotes_calc_real_valuesandtrg_kit_print_area_normalizar_eixoswithEXECUTE FUNCTION public.fn_quotes_calc_real_values()/public.fn_kit_print_area_normalizar_eixos()before the definitions added here exist. I checked repo-wide withrgand these functions are only defined in this new20260515040000file, so a freshsupabase db resetor new environment still fails in the20260515030000migration and never reaches this follow-up. The function definitions need to be available before the trigger recreation, e.g. by moving them into an earlier migration or a pre-0300 migration.Useful? React with 👍 / 👎.