Created
December 6, 2018 21:30
-
-
Save cazzer/a69d59c2db0d51fec70c9db379f36911 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| create role application_user; | |
| grant all on all table in schema public to application_user; | |
| create policy thing_owner | |
| on things | |
| as permissive | |
| for all | |
| to application_user | |
| using ( | |
| exists( | |
| select thing_id | |
| from permissions | |
| where ( | |
| permissions.user_id = current_setting('user_id')::uuid | |
| and permissions.item_id = items.id | |
| ) | |
| ) | |
| ) | |
| with check ( | |
| exists( | |
| select item_id | |
| from permissions | |
| where ( | |
| permissions.user_id = current_setting('user_id')::uuid | |
| and permissions.item_id = items.id | |
| ) | |
| ) | |
| ); | |
| create policy new_thing | |
| on things | |
| as permissive | |
| for insert | |
| to application_user | |
| with check (true); | |
| alter table things enable row level security; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment