2017-10-25 3 views

私はマルチテナンシーモデルでRLSを使用しています。最初にRLSを有効にしたいくつかのテーブルでは問題ありませんでした。ところが、新しいテーブルにRLSを追加したところ、そのテーブルにだけレコードを挿入できなくなりました。(Postgresの1つのテーブルでのRLSの不一致)

こちらが正常に動作するテーブルです:

-- Tenant-scoped adjustment rows. vendor_id is the tenant key: it is the column
-- the row-level security policy on this table compares with wtr.current_vendor_id().
CREATE TABLE wtr.adjustment (
    -- NOTE(review): UNIQUE repeats what the PRIMARY KEY constraint below (pk_adjustment) already enforces.
    -- NOTE(review): assuming this is uuid-ossp's uuid_generate_v1(), the ids encode a timestamp and the
    -- generating host's MAC address, so they are guessable; tenant isolation has to come from RLS,
    -- not from ids being hard to predict.
    id uuid UNIQUE NOT NULL DEFAULT uuid_generate_v1(), 
    -- NOTE(review): timestamp (without time zone) stores no offset — confirm the server/session time zone is fixed.
    created_at timestamp NOT NULL DEFAULT current_timestamp, 
    updated_at timestamp NOT NULL DEFAULT current_timestamp, 
    -- Owning tenant; NOT NULL, so every row can be matched against the policy expression.
    vendor_id uuid NOT NULL, 
    reporting_period_id uuid NOT NULL, 
    inventory_lot_id uuid NOT NULL, 
    adjustment_date date NOT NULL, 
    quantity_delta NUMERIC(50,2) NOT NULL, 
    adjustment_type wtr.adjustment_type NOT NULL, 
    comments text, 
    CONSTRAINT pk_adjustment PRIMARY KEY (id) 
); 
--||-- 
-- Table-level privileges for the application role. These are checked in addition
-- to row-level security: the GRANT alone does not make rows readable or writable
-- once RLS is enabled on the table.
GRANT select, insert, update, delete ON TABLE wtr.adjustment TO wtr_user; 
--||-- 
-- Foreign keys to the owning vendor, the reporting period and the inventory lot.
ALTER TABLE wtr.adjustment ADD CONSTRAINT fk_adjustment_vendor FOREIGN KEY (vendor_id) REFERENCES wtr.vendor(id); 
--||-- 
ALTER TABLE wtr.adjustment ADD CONSTRAINT fk_adjustment_reporting_period FOREIGN KEY (reporting_period_id) REFERENCES wtr.reporting_period(id); 
--||-- 
ALTER TABLE wtr.adjustment ADD CONSTRAINT fk_adjustment_inventory_lot FOREIGN KEY (inventory_lot_id) REFERENCES wtr.inventory_lot(id); 
--||-- 
-- From here on, a command that no policy covers is denied for every role that is
-- not the table owner, a superuser or a BYPASSRLS role.
ALTER TABLE wtr.adjustment ENABLE ROW LEVEL SECURITY; 
--||-- 
-- Read policy: a row is visible only when its vendor_id equals wtr.current_vendor_id().
-- NOTE(review): only a FOR SELECT policy appears in this listing. Why inserts into this
-- table succeed is not visible here (the inserting function is missing from the page) —
-- confirm which role performs them and whether that role bypasses RLS.
CREATE POLICY select_adjustment ON wtr.adjustment FOR SELECT 
    USING (vendor_id = wtr.current_vendor_id()); 
--||-- 
-- Trigger function: overwrite updated_at on the row being written with
-- current_timestamp, then hand the modified row back to the UPDATE.
CREATE FUNCTION wtr.fn_timestamp_update_adjustment()
RETURNS trigger
LANGUAGE plpgsql
AS $$
BEGIN
    NEW.updated_at := current_timestamp;
    RETURN NEW;
END;
$$;
--||-- 
-- Run the function before every row-level UPDATE on wtr.adjustment.
CREATE TRIGGER tg_timestamp_update_adjustment
    BEFORE UPDATE
    ON wtr.adjustment
    FOR EACH ROW
    EXECUTE PROCEDURE wtr.fn_timestamp_update_adjustment();
--||-- 

そして、正常に動作する関連関数(このページでは関数の本文が欠落しています):

こちらが失敗するテーブルです:

-- Tenant-scoped received-transfer rows. vendor_id is the tenant key: it is the column
-- the row-level security policy on this table compares with wtr.current_vendor_id().
CREATE TABLE wtr.received_inventory_transfer (
    -- NOTE(review): UNIQUE repeats what the PRIMARY KEY constraint below already enforces.
    -- NOTE(review): assuming this is uuid-ossp's uuid_generate_v1(), the ids encode a timestamp and the
    -- generating host's MAC address, so they are guessable; tenant isolation has to come from RLS,
    -- not from ids being hard to predict.
    id uuid UNIQUE NOT NULL DEFAULT uuid_generate_v1(), 
    -- NOTE(review): timestamp (without time zone) stores no offset — confirm the server/session time zone is fixed.
    created_at timestamp NOT NULL DEFAULT current_timestamp, 
    updated_at timestamp NOT NULL DEFAULT current_timestamp, 
    -- Owning tenant; NOT NULL, so every row can be matched against the policy expression.
    vendor_id uuid NOT NULL, 
    reporting_period_id uuid NOT NULL, 
    inventory_lot_id uuid NOT NULL, 
    transfer_date DATE NOT NULL, 
    quantity_received NUMERIC(50,2) NOT NULL, 
    CONSTRAINT pk_received_inventory_transfer PRIMARY KEY (id) 
); 
--||-- 
-- Table-level privileges for the application role. These are checked in addition
-- to row-level security: holding INSERT here does not allow an insert that no
-- policy permits.
GRANT select, insert, update, delete ON TABLE wtr.received_inventory_transfer TO wtr_user; 
--||-- 
-- Foreign keys to the owning vendor, the reporting period and the inventory lot.
ALTER TABLE wtr.received_inventory_transfer ADD CONSTRAINT fk_received_inventory_transfer_vendor FOREIGN KEY (vendor_id) REFERENCES wtr.vendor(id); 
--||-- 
ALTER TABLE wtr.received_inventory_transfer ADD CONSTRAINT fk_received_inventory_transfer_reporting_period FOREIGN KEY (reporting_period_id) REFERENCES wtr.reporting_period(id); 
--||-- 
ALTER TABLE wtr.received_inventory_transfer ADD CONSTRAINT fk_received_inventory_transfer_inventory_lot FOREIGN KEY (inventory_lot_id) REFERENCES wtr.inventory_lot(id); 
--||-- 
-- From here on, a command that no policy covers is denied for every role that is
-- not the table owner, a superuser or a BYPASSRLS role.
ALTER TABLE wtr.received_inventory_transfer ENABLE ROW LEVEL SECURITY; 
--||-- 
-- Read policy: a row is visible only when its vendor_id equals wtr.current_vendor_id().
-- NOTE(review): this is the only policy in the listing and it covers SELECT only, so an
-- INSERT by a role subject to RLS has no applicable policy and is rejected with
-- "new row violates row-level security policy". Inserts need their own policy
-- (FOR INSERT ... WITH CHECK, or FOR ALL) on the same vendor_id comparison.
CREATE POLICY select_received_inventory_transfer ON wtr.received_inventory_transfer FOR SELECT USING (vendor_id = wtr.current_vendor_id()); 
--||-- 
-- Trigger function: overwrite updated_at on the row being written with
-- current_timestamp, then hand the modified row back to the UPDATE.
CREATE FUNCTION wtr.fn_timestamp_update_received_inventory_transfer()
RETURNS trigger
LANGUAGE plpgsql
AS $$
BEGIN
    NEW.updated_at := current_timestamp;
    RETURN NEW;
END;
$$;
--||-- 
-- Run the function before every row-level UPDATE on wtr.received_inventory_transfer.
CREATE TRIGGER tg_timestamp_update_received_inventory_transfer
    BEFORE UPDATE
    ON wtr.received_inventory_transfer
    FOR EACH ROW
    EXECUTE PROCEDURE wtr.fn_timestamp_update_received_inventory_transfer();
--||-- 

そして、失敗する関連関数:

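-- Debug build of the transfer constructor: reads the caller's vendor id, finds or
-- builds an inventory lot from hard-coded values, inserts one row into
-- wtr.received_inventory_transfer and returns that row.
--
-- Parameters:
--   _reporting_period_id  reporting period the transfer belongs to
--   _transfer_date        transfer date as text; cast to DATE before use
-- Returns: the inserted wtr.received_inventory_transfer row.
--
-- The function has no SECURITY DEFINER clause, so it runs with the privileges of
-- the calling role and the row-level security policies on
-- wtr.received_inventory_transfer apply to the INSERT below. The insert succeeds
-- only if a policy covering INSERT exists and its WITH CHECK expression accepts
-- the new row.
CREATE OR REPLACE FUNCTION wtr.build_received_inventory_transfers(
    _reporting_period_id uuid,
    _transfer_date text
-- _received_inventory_transfers jsonb
)
RETURNS wtr.received_inventory_transfer AS $$
DECLARE
    _vendor_id uuid;
    _inventory_lot wtr.inventory_lot;
    -- The next two locals are unused while the jsonb parameter is commented out.
    _received_inventory_transfer_info jsonb;
    _received_inventory_transfer wtr.received_inventory_transfer;
    _quantity numeric(50,2);
BEGIN
    -- Tenant of the current caller; the same expression the RLS policy compares against.
    _vendor_id := wtr.current_vendor_id();

    -- this call is currently hard coded for debug purposes
    _inventory_lot := wtr.find_or_build_existing_inventory_lot(
        'tacos',
        'N/A',
        '1234123412341234',
        'Hash'
    );

    -- again, this is hard-coded for debug purposes
    -- Raised as NOTICE rather than EXCEPTION: an exception here aborts the function,
    -- so the INSERT under investigation would never be reached.
    RAISE NOTICE 'v: %, rp: %, il: %, td: %, q: %',
        _vendor_id,
        _reporting_period_id,
        _inventory_lot.id,
        _transfer_date::DATE,
        20
    ;

    -- this is the call that fails
    -- It is checked against the table's INSERT policy; vendor_id is taken from
    -- wtr.current_vendor_id() above, never from caller-supplied input.
    INSERT INTO wtr.received_inventory_transfer (
        vendor_id,
        reporting_period_id,
        inventory_lot_id,
        transfer_date,
        quantity_received
    )
    VALUES (
        _vendor_id,
        _reporting_period_id,
        _inventory_lot.id,
        _transfer_date::DATE,
        20
    )
    RETURNING *
    INTO _received_inventory_transfer;

    RETURN _received_inventory_transfer;
END;
$$ language plpgsql;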
--||-- 
-- Allow the application role to call the function (signature: uuid, text).
-- NOTE(review): PostgreSQL grants EXECUTE on newly created functions to PUBLIC by
-- default, so this GRANT by itself does not limit who can call the function. If only
-- wtr_user is meant to call it, EXECUTE also has to be revoked from PUBLIC — confirm
-- against the schema's default privileges.
GRANT execute ON FUNCTION wtr.build_received_inventory_transfers(
    uuid, 
    text 
-- jsonb 
) TO wtr_user; 

current_vendor_id関数は、サーバー(postgraphile)から渡されるJWTトークンのクレームを使用します。ログから得られる情報は次のメッセージだけです:

new row violates row-level security policy for table 
\"received_inventory_transfer\"", 

そして、呼び出しはINSERT文で失敗します。

私が本当に知りたいのは、RLSポリシーをさらにデバッグするにはどうすればよいか、ということです。RLSだけを有効にしてSELECTポリシーを作成しない場合も、同じ失敗が発生します。

答えて


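その後、次のことが分かりました。RLSを有効にしたテーブルでは、テーブル所有者やBYPASSRLS権限を持つロールを除き、そのコマンドに適用されるポリシーが1つもない操作は既定で拒否されます。このテーブルにはSELECT用のポリシーしかなかったため、INSERT用のポリシーを追加する必要がありました:

CREATE POLICY insert_received_inventory_transfer ON wtr.received_inventory_transfer FOR INSERT WITH CHECK (vendor_id = wtr.current_vendor_id());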
