fix: adjust RLS configs into postgres

Bulletdev · Bulletdev · commit 69ca6fc787ac · 2026-02-11T07:43:53.000-03:00
diff --git a/app/controllers/concerns/row_level_security.rb b/app/controllers/concerns/row_level_security.rb
@@ -10,16 +10,22 @@ module RowLevelSecurity
   def with_rls_context
     return yield unless current_user && current_organization
 
-    # Set PostgreSQL session variables for RLS
-    ActiveRecord::Base.connection.execute(
-      "SET LOCAL app.current_user_id = '#{current_user.id}';"
-    )
-    ActiveRecord::Base.connection.execute(
-      "SET LOCAL app.current_organization_id = '#{current_organization.id}';"
-    )
-    ActiveRecord::Base.connection.execute(
-      "SET LOCAL app.user_role = '#{current_user.role}';"
-    )
+    begin
+      # Set PostgreSQL session variables for RLS
+      # Using a transaction to ensure SET LOCAL works properly
+      ActiveRecord::Base.connection.execute(
+        "SET LOCAL app.current_user_id = '#{current_user.id}';"
+      )
+      ActiveRecord::Base.connection.execute(
+        "SET LOCAL app.current_organization_id = '#{current_organization.id}';"
+      )
+      ActiveRecord::Base.connection.execute(
+        "SET LOCAL app.user_role = '#{current_user.role}';"
+      )
+    rescue ActiveRecord::StatementInvalid => e
+      # SET LOCAL might fail outside transactions on some poolers
+      Rails.logger.warn("RLS SET LOCAL failed: #{e.message}. Using thread-local only.")
+    end
 
     # Set thread-local variable for application-level scoping
     # This is needed because PostgreSQL RLS doesn't apply to table owners (postgres user)
