This repository was archived by the owner on Aug 22, 2025. It is now read-only.

Commit 8b376df

committed
Improve
1 parent ce9da1c commit 8b376df

6 files changed

Lines changed: 49 additions & 52 deletions


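--- a/lib/rls.rb
+++ b/lib/rls.rb
@@ -26,24 +26,25 @@ def role
 configuration.role
 end
 
-def admin=(admin)
-RLS::Current.admin = admin
-end
-
-def admin
-!!RLS::Current.admin
-end
-
 def enable!
-self.admin = false
+RLS::Current.admin = false
 ActiveRecord::Base.connection_pool.disconnect!
 end
 
 def disable!
-self.admin = true
+RLS::Current.admin = true
 ActiveRecord::Base.connection_pool.disconnect!
 end
 
+def without_rls(&block)
+raise "Please supply block" unless block_given?
+
+disable!
+block.call
+ensure
+enable!
+end
+
 def process(tenant_id, &block)
 raise "Please supply block" unless block_given?
 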
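Review bot: `without_rls` always finishes with `enable!`, so it forces `RLS::Current.admin` back to false instead of restoring the value it found: a nested call, or a call made while admin mode was already on, ends the outer bypass early, and because the block check sits under the method-level `ensure`, even the "Please supply block" error triggers `enable!` and a pool disconnect. Record the prior state and undo only what this call changed, e.g. `was_admin = RLS::Current.admin` before `disable!` and `enable! unless was_admin` in the `ensure`. The bypass is also wider than the block: `disable!` drops the shared pool and new connections skip `SET ROLE` while the flag is set, so if `RLS::Current` is per-thread state (not visible in this diff) a role-less connection returned to the pool could be picked up by another thread before `enable!` disconnects it. A doc comment on `without_rls` should say it is meant for single-threaded maintenance code such as the rake tasks.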

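--- a/lib/rls/extensions/postgresql_adapter.rb
+++ b/lib/rls/extensions/postgresql_adapter.rb
@@ -8,7 +8,7 @@ module PostgreSQLAdapter
 
 def initialize(...)
 super
-execute(format(SET_ROLE_SQL, quote(RLS.role))) unless RLS.admin
+execute(format(SET_ROLE_SQL, quote(RLS.role))) unless RLS::Current.admin
 end
 
 def rls_set(tenant_id:)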

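--- a/lib/tasks/rls.rake
+++ b/lib/tasks/rls.rake
@@ -33,44 +33,40 @@ namespace :rls do
 end
 
 task create_role: :environment do
-RLS.disable!
-
-RLS.connection.execute <<~SQL
-DO $$
-BEGIN
-CREATE ROLE "#{RLS.role}" WITH NOLOGIN;
-EXCEPTION
-WHEN DUPLICATE_OBJECT THEN
-RAISE NOTICE 'Role "#{RLS.role}" already exists';
-END
-$$;
-
-GRANT ALL ON ALL TABLES IN SCHEMA public TO "#{RLS.role}";
-GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO "#{RLS.role}";
-ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO "#{RLS.role}";
-ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO "#{RLS.role}";
-SQL
-
-puts "Role #{RLS.role} created"
-
-RLS.enable!
+RLS.without_rls do
+RLS.connection.execute <<~SQL
+DO $$
+BEGIN
+CREATE ROLE "#{RLS.role}" WITH NOLOGIN;
+EXCEPTION
+WHEN DUPLICATE_OBJECT THEN
+RAISE NOTICE 'Role "#{RLS.role}" already exists';
+END
+$$;
+
+GRANT ALL ON ALL TABLES IN SCHEMA public TO "#{RLS.role}";
+GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO "#{RLS.role}";
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO "#{RLS.role}";
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO "#{RLS.role}";
+SQL
+
+puts "Role #{RLS.role} created"
+end
 end
 
 task drop_role: :environment do
-RLS.disable!
-
-RLS.connection.execute <<~SQL
-ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON TABLES FROM "#{RLS.role}";
-ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON SEQUENCES FROM "#{RLS.role}";
-REVOKE ALL ON ALL TABLES IN SCHEMA public FROM "#{RLS.role}";
-REVOKE ALL ON ALL SEQUENCES IN SCHEMA public FROM "#{RLS.role}";
-DROP OWNED BY "#{RLS.role}";
-DROP ROLE "#{RLS.role}";
-SQL
-
-puts "Role #{RLS.role} dropped"
-
-RLS.enable!
+RLS.without_rls do
+RLS.connection.execute <<~SQL
+ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON TABLES FROM "#{RLS.role}";
+ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON SEQUENCES FROM "#{RLS.role}";
+REVOKE ALL ON ALL TABLES IN SCHEMA public FROM "#{RLS.role}";
+REVOKE ALL ON ALL SEQUENCES IN SCHEMA public FROM "#{RLS.role}";
+DROP OWNED BY "#{RLS.role}";
+DROP ROLE "#{RLS.role}";
+SQL
+
+puts "Role #{RLS.role} dropped"
+end
 end
 
 end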
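Review bot: The role created here is the one the adapter switches application connections to, yet `GRANT ALL ON ALL TABLES` (and the matching `ALTER DEFAULT PRIVILEGES`) also hands it TRUNCATE, REFERENCES and TRIGGER; PostgreSQL does not apply row-level security policies to TRUNCATE or REFERENCES, so a tenant-scoped session could still empty a whole table. Grant only what the application needs, e.g. `GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO "#{RLS.role}";` and `GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO "#{RLS.role}";`, with the same lists in the default-privileges statements. The role name is also interpolated raw into the SQL of both tasks; it comes from configuration, but quoting it with the adapter's `quote_column_name` would keep a name containing a double quote from breaking or altering the statement.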

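--- a/spec/integration/postgresql_adapter_extension_spec.rb
+++ b/spec/integration/postgresql_adapter_extension_spec.rb
@@ -12,14 +12,14 @@
 
 context "when admin" do
 specify do
-RLS.admin = true
+RLS::Current.admin = true
 ActiveRecord::Base.connection_pool.disconnect!
 
 role = connection.query_value("SHOW ROLE")
 expect(role).to eq "none"
 
 # ensure we roll back for remaining specs
-RLS.admin = false
+RLS::Current.admin = false
 ActiveRecord::Base.connection_pool.disconnect!
 end
 end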
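Review bot: The reset on the last two lines of this example only runs if the `SHOW ROLE` expectation passes; a failure leaves `RLS::Current.admin` true, and going by the adapter change in this commit the remaining specs would then open connections without `SET ROLE`, so later row-level-security assertions would no longer exercise the restricted role. Move the cleanup into an `after` hook, or wrap the body in the new helper, `RLS.without_rls { expect(connection.query_value("SHOW ROLE")).to eq "none" }`, whose `ensure` resets the flag and disconnects the pool.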

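--- a/spec/rls_spec.rb
+++ b/spec/rls_spec.rb
@@ -14,16 +14,16 @@
 describe "#enable!" do
 subject { -> { described_class.enable! } }
 
-before { described_class.admin = true }
+before { RLS::Current.admin = true }
 
-specify { expect { subject.call }.to change(described_class, :admin).from(true).to(false) }
+specify { expect { subject.call }.to change(RLS::Current, :admin).from(true).to(false) }
 specify { expect(ActiveRecord::Base.connection_pool).to receive(:disconnect!); subject.call }
 end
 
 describe "#disable!" do
 subject { -> { described_class.disable! } }
 
-specify { expect { subject.call }.to change(described_class, :admin).from(false).to(true) }
+specify { expect { subject.call }.to change(RLS::Current, :admin).from(false).to(true) }
 specify { expect(ActiveRecord::Base.connection_pool).to receive(:disconnect!); subject.call }
 end
 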

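--- a/spec/unit/rls/extensions/postgresql_adapter_spec.rb
+++ b/spec/unit/rls/extensions/postgresql_adapter_spec.rb
@@ -28,7 +28,7 @@ def clear_query_cache
 end
 
 context "when admin" do
-before { RLS.admin = true }
+before { RLS::Current.admin = true }
 
 it "does not set the role" do
 expect_any_instance_of(MyAdapter).not_to receive(:execute).with("SET ROLE 'dummy_rls_test'")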
