Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG]: When using RLS policies and Views, the view is the last clause generated #3378

Closed
pffigueiredo opened this issue Nov 1, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@pffigueiredo
Copy link

What version of drizzle-orm are you using?

0.36.0

What version of drizzle-kit are you using?

0.27.0

Describe the Bug

Description

When we need to combine the view with RLS policies, the view clause needs to come before these policies to make sure there are no reference errors.

However, as of right now, when defining a view after some tables with RLS policies, the create view clause is being placed after these policies, which lead to errors when running the generated .sql.

PROBLEM EXAMPLE

Running drizzle-kit generate:

export const chats = pgTable(
  'chats',
  {
  ...
  },
  (table) => [
    crudPolicy({
      role: authenticatedRole,
      read: sql`((select auth.user_id()) in (select user_id from MY_CHATS_PARTICIPANTS where chat_id = ${table.id}))`,
      modify: authUid(table.ownerId),
    }),
  ]
);

export const myChatParticipantsView = pgView('my_chats_participants')
  .with({
    securityInvoker: true,
  })
  .as((qb) => {
    ....
  });

Will generate 👇

create table 'chats' ...;

# error here ❌ , the view hasn't been created yet
CREATE POLICY "crud-authenticated-policy-select" ON "chats" AS PERMISSIVE FOR SELECT TO "authenticated" USING (((select auth.user_id()) in (select user_id from MY_CHATS_PARTICIPANTS where chat_id = "chats"."id")));--> statement-breakpoint


CREATE VIEW "public"."my_chats_participants" WITH (security_invoker = true) AS (select "chat_id", "user_id" from "chat_participants" where "chat_participants"."chat_id" in (select "chat_id" from "chat_participants" where "chat_participants"."user_id" = auth.user_id()));

Expected behavior

The create view clause ,or any database objects that can be referenced in the RLS policies, should always be defined BEFORE the RLS policies clause.

Environment & setup

No response

@pffigueiredo pffigueiredo added the bug Something isn't working label Nov 1, 2024
@AndriiSherman
Copy link
Member

fixed in [email protected]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants