
Commit d747191

authored
ENG-1260 Permission denied when attempting to sync megacog nodes w/ database for embeddings (#680)
* eng-1260 The for update with check syntax seems to malfunction, whereas for update using works.
1 parent 191d89e commit d747191

4 files changed

Lines changed: 27 additions & 9 deletions


Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
DROP POLICY IF EXISTS content_update_policy ON public."Content";
2+
CREATE POLICY content_update_policy ON public."Content" FOR UPDATE USING (public.in_space(space_id));
3+
DROP POLICY content_access_update_policy ON public."ContentAccess";
4+
CREATE POLICY content_access_update_policy ON public."ContentAccess" FOR UPDATE USING (public.content_in_editable_space(content_id));
5+
DROP POLICY concept_update_policy ON public."Concept";
6+
CREATE POLICY concept_update_policy ON public."Concept" FOR UPDATE USING (public.in_space(space_id));
7+
DROP POLICY concept_access_update_policy ON public."ConceptAccess";
8+
CREATE POLICY concept_access_update_policy ON public."ConceptAccess" FOR UPDATE USING (public.concept_in_editable_space(concept_id));
9+
DROP POLICY platform_account_update_policy ON public."PlatformAccount";
10+
CREATE POLICY platform_account_update_policy ON public."PlatformAccount" FOR UPDATE USING (dg_account = (SELECT auth.uid() LIMIT 1) OR (dg_account IS null AND public.unowned_account_in_shared_space(id)));
11+
DROP POLICY space_access_update_policy ON public."SpaceAccess";
12+
CREATE POLICY space_access_update_policy ON public."SpaceAccess" FOR UPDATE USING (account_uid = auth.uid());
13+
DROP POLICY local_access_update_policy ON public."LocalAccess";
14+
CREATE POLICY local_access_update_policy ON public."LocalAccess" FOR UPDATE USING (public.unowned_account_in_shared_space(account_id) OR public.is_my_account(account_id));
15+
DROP POLICY agent_identifier_update_policy ON public."AgentIdentifier";
16+
CREATE POLICY agent_identifier_update_policy ON public."AgentIdentifier" FOR UPDATE USING (public.unowned_account_in_shared_space(account_id) OR public.is_my_account(account_id));
17+
DROP POLICY group_membership_update_policy ON public.group_membership;
18+
CREATE POLICY group_membership_update_policy ON public.group_membership FOR UPDATE USING (public.is_group_admin(group_id));
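Review bot: Only the first `DROP POLICY` (content_update_policy) carries `IF EXISTS`; the other eight drops, from content_access_update_policy through group_membership_update_policy, raise an error on any database where that policy is absent. Write them as `DROP POLICY IF EXISTS content_access_update_policy ON public."ContentAccess";` and likewise for the rest, matching the form the schema files use. Since every policy is dropped before it is recreated, also confirm the migration runs inside one transaction, so a failure midway cannot leave a table without its UPDATE policy (on tables with RLS enabled that fails closed, but updates would stay blocked until repaired).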

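--- a/packages/database/supabase/schemas/account.sql
+++ b/packages/database/supabase/schemas/account.sql
@@ -451,7 +451,7 @@ DROP POLICY IF EXISTS platform_account_insert_policy ON public."PlatformAccount"
 CREATE POLICY platform_account_insert_policy ON public."PlatformAccount" FOR INSERT WITH CHECK (dg_account = (SELECT auth.uid() LIMIT 1) OR (dg_account IS null AND public.unowned_account_in_shared_space(id)));
 
 DROP POLICY IF EXISTS platform_account_update_policy ON public."PlatformAccount";
-CREATE POLICY platform_account_update_policy ON public."PlatformAccount" FOR UPDATE WITH CHECK (dg_account = (SELECT auth.uid() LIMIT 1) OR (dg_account IS null AND public.unowned_account_in_shared_space(id)));
+CREATE POLICY platform_account_update_policy ON public."PlatformAccount" FOR UPDATE USING (dg_account = (SELECT auth.uid() LIMIT 1) OR (dg_account IS null AND public.unowned_account_in_shared_space(id)));
 
 -- SpaceAccess: Created through the create_account_in_space and the Space create route, both of which bypass RLS.
 -- Can be updated by a space peer for now, unless claimed by a user.
@@ -471,7 +471,7 @@ DROP POLICY IF EXISTS space_access_insert_policy ON public."SpaceAccess";
 CREATE POLICY space_access_insert_policy ON public."SpaceAccess" FOR INSERT WITH CHECK (account_uid = auth.uid());
 
 DROP POLICY IF EXISTS space_access_update_policy ON public."SpaceAccess";
-CREATE POLICY space_access_update_policy ON public."SpaceAccess" FOR UPDATE WITH CHECK (account_uid = auth.uid());
+CREATE POLICY space_access_update_policy ON public."SpaceAccess" FOR UPDATE USING (account_uid = auth.uid());
 
 ALTER TABLE public."LocalAccess" ENABLE ROW LEVEL SECURITY;
 
@@ -487,7 +487,7 @@ DROP POLICY IF EXISTS local_access_insert_policy ON public."LocalAccess";
 CREATE POLICY local_access_insert_policy ON public."LocalAccess" FOR INSERT WITH CHECK (public.unowned_account_in_shared_space(account_id) OR public.is_my_account(account_id));
 
 DROP POLICY IF EXISTS local_access_update_policy ON public."LocalAccess";
-CREATE POLICY local_access_update_policy ON public."LocalAccess" FOR UPDATE WITH CHECK (public.unowned_account_in_shared_space(account_id) OR public.is_my_account(account_id));
+CREATE POLICY local_access_update_policy ON public."LocalAccess" FOR UPDATE USING (public.unowned_account_in_shared_space(account_id) OR public.is_my_account(account_id));
 
 -- AgentIdentifier: Allow space members to do anything, to allow editing authors.
 -- Eventually: Once the account is claimed by a user, only allow this user to modify it.
@@ -506,7 +506,7 @@ DROP POLICY IF EXISTS agent_identifier_insert_policy ON public."AgentIdentifier"
 CREATE POLICY agent_identifier_insert_policy ON public."AgentIdentifier" FOR INSERT WITH CHECK (public.unowned_account_in_shared_space(account_id) OR public.is_my_account(account_id));
 
 DROP POLICY IF EXISTS agent_identifier_update_policy ON public."AgentIdentifier";
-CREATE POLICY agent_identifier_update_policy ON public."AgentIdentifier" FOR UPDATE WITH CHECK (public.unowned_account_in_shared_space(account_id) OR public.is_my_account(account_id));
+CREATE POLICY agent_identifier_update_policy ON public."AgentIdentifier" FOR UPDATE USING (public.unowned_account_in_shared_space(account_id) OR public.is_my_account(account_id));
 
 ALTER TABLE public.group_membership ENABLE ROW LEVEL SECURITY;
 
@@ -520,4 +520,4 @@ DROP POLICY IF EXISTS group_membership_insert_policy ON public.group_membership;
 CREATE POLICY group_membership_insert_policy ON public.group_membership FOR INSERT WITH CHECK (public.is_group_admin(group_id) OR NOT public.group_exists(group_id));
 
 DROP POLICY IF EXISTS group_membership_update_policy ON public.group_membership;
-CREATE POLICY group_membership_update_policy ON public.group_membership FOR UPDATE WITH CHECK (public.is_group_admin(group_id));
+CREATE POLICY group_membership_update_policy ON public.group_membership FOR UPDATE USING (public.is_group_admin(group_id));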
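Review bot: With only `USING`, PostgreSQL applies the same expression as the check on the updated row, so platform_account_update_policy in the first hunk now accepts an update that takes an unowned row (`dg_account IS null` in a shared space) and sets `dg_account` to the caller's own `auth.uid()`. If a space peer claiming an unowned account this way is not intended, give the policy an explicit new-row rule in the form `FOR UPDATE USING (<current expression>) WITH CHECK (<expression constraining dg_account changes>)`, or restrict that column by grant. The same reuse governs the SpaceAccess, LocalAccess, AgentIdentifier and group_membership policies in the later hunks, and writing `WITH CHECK` next to `USING` on each would make the intended new-row rule visible. Whether unowned_account_in_shared_space itself depends on `dg_account` cannot be seen from these hunks.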

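--- a/packages/database/supabase/schemas/concept.sql
+++ b/packages/database/supabase/schemas/concept.sql
@@ -459,7 +459,7 @@ CREATE POLICY concept_delete_policy ON public."Concept" FOR DELETE USING (public
 DROP POLICY IF EXISTS concept_insert_policy ON public."Concept";
 CREATE POLICY concept_insert_policy ON public."Concept" FOR INSERT WITH CHECK (public.in_space(space_id));
 DROP POLICY IF EXISTS concept_update_policy ON public."Concept";
-CREATE POLICY concept_update_policy ON public."Concept" FOR UPDATE WITH CHECK (public.in_space(space_id));
+CREATE POLICY concept_update_policy ON public."Concept" FOR UPDATE USING (public.in_space(space_id));
 
 ALTER TABLE public."ConceptAccess" ENABLE ROW LEVEL SECURITY;
 
@@ -471,4 +471,4 @@ CREATE POLICY concept_access_delete_policy ON public."ConceptAccess" FOR DELETE
 DROP POLICY IF EXISTS concept_access_insert_policy ON public."ConceptAccess";
 CREATE POLICY concept_access_insert_policy ON public."ConceptAccess" FOR INSERT WITH CHECK (public.concept_in_editable_space(concept_id));
 DROP POLICY IF EXISTS concept_access_update_policy ON public."ConceptAccess";
-CREATE POLICY concept_access_update_policy ON public."ConceptAccess" FOR UPDATE WITH CHECK (public.concept_in_editable_space(concept_id));
+CREATE POLICY concept_access_update_policy ON public."ConceptAccess" FOR UPDATE USING (public.concept_in_editable_space(concept_id));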
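Review bot: Nothing in the file records why the UPDATE policies use `USING` while the INSERT policies directly above them use `WITH CHECK`, so a later edit could restore `WITH CHECK` for symmetry and bring ENG-1260 back. Add a comment above concept_update_policy such as `-- UPDATE needs USING to select existing rows; PostgreSQL reuses it as the new-row check when WITH CHECK is omitted.` The same comment fits concept_access_update_policy in the second hunk and the two UPDATE policies changed in content.sql.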

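--- a/packages/database/supabase/schemas/content.sql
+++ b/packages/database/supabase/schemas/content.sql
@@ -660,7 +660,7 @@ CREATE POLICY content_delete_policy ON public."Content" FOR DELETE USING (public
 DROP POLICY IF EXISTS content_insert_policy ON public."Content";
 CREATE POLICY content_insert_policy ON public."Content" FOR INSERT WITH CHECK (public.in_space(space_id));
 DROP POLICY IF EXISTS content_update_policy ON public."Content";
-CREATE POLICY content_update_policy ON public."Content" FOR UPDATE WITH CHECK (public.in_space(space_id));
+CREATE POLICY content_update_policy ON public."Content" FOR UPDATE USING (public.in_space(space_id));
 
 ALTER TABLE public."ContentAccess" ENABLE ROW LEVEL SECURITY;
 
@@ -672,4 +672,4 @@ CREATE POLICY content_access_delete_policy ON public."ContentAccess" FOR DELETE
 DROP POLICY IF EXISTS content_access_insert_policy ON public."ContentAccess";
 CREATE POLICY content_access_insert_policy ON public."ContentAccess" FOR INSERT WITH CHECK (public.content_in_editable_space(content_id));
 DROP POLICY IF EXISTS content_access_update_policy ON public."ContentAccess";
-CREATE POLICY content_access_update_policy ON public."ContentAccess" FOR UPDATE WITH CHECK (public.content_in_editable_space(content_id));
+CREATE POLICY content_access_update_policy ON public."ContentAccess" FOR UPDATE USING (public.content_in_editable_space(content_id));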
