UNPKG

@accounter/server

Version:
26 lines (25 loc) 1.14 kB
import { sql } from 'slonik'; /** * Pin DELETE operations to the single write-target business. * * The previous migration (rls-multi-business-scope) replaced the read-side * USING predicate with `owner_id = ANY(get_current_business_scope())`. * PostgreSQL's DELETE command uses only USING (not WITH CHECK), so that change * inadvertently widened the delete envelope to every business in the read * scope — not just the explicit write target. * * This migration adds an AS RESTRICTIVE policy for DELETE on every * tenant-isolated table. A RESTRICTIVE policy ANDs with permissive ones, so a * DELETE row must satisfy BOTH the permissive USING (in scope) AND this * restriction (= write target). Net effect: only rows owned by the current * write-target business can be deleted — the same guarantee that existed before * the multi-business read scope was introduced. */ declare const _default: { name: string; run: ({ connection }: { sql: typeof sql.unsafe; connection: import("slonik").DatabaseTransactionConnection | import("slonik").DatabasePool; }) => Promise<void>; }; export default _default;