Added row level security to alert tables. Added alerts to user query.

2021-04-04 22:52:54 +02:00
parent da0cbced15
commit d36e52d5d1
5 changed files with 130 additions and 19 deletions
--- a/migrations/20190325001339_releases.js
+++ b/migrations/20190325001339_releases.js
@@ -1142,6 +1142,7 @@ exports.up = knex => Promise.resolve()
 		table.increments('id');

 		table.integer('user_id')
+			.notNullable()
 			.references('id')
 			.inTable('users')
 			.onDelete('cascade');
@@ -1152,11 +1153,6 @@ exports.up = knex => Promise.resolve()
 		table.boolean('email')
 			.defaultTo(false);

-		table.integer('stash_id')
-			.references('id')
-			.inTable('stashes')
-			.onDelete('cascade');
-
 		table.datetime('created_at')
 			.notNullable()
 			.defaultTo(knex.fn.now());
@@ -1217,6 +1213,7 @@ exports.up = knex => Promise.resolve()

 		table.integer('alert_id')
 			.notNullable()
+			.unique()
 			.references('id')
 			.inTable('alerts')
 			.onDelete('cascade');
@@ -1226,8 +1223,6 @@ exports.up = knex => Promise.resolve()
 			.references('id')
 			.inTable('entities')
 			.onDelete('cascade');
-
-		table.unique(['alert_id', 'entity_id']);
 	}))
 	.then(() => knex.schema.createTable('alerts_stashes', (table) => {
 		table.increments('id');
@@ -1244,7 +1239,7 @@ exports.up = knex => Promise.resolve()
 			.inTable('stashes')
 			.onDelete('cascade');

-		table.unique(['stash_id', 'entity_id']);
+		table.unique(['alert_id', 'stash_id']);
 	}))
 	// SEARCH
 	.then(() => { // eslint-disable-line arrow-body-style
@@ -1493,6 +1488,58 @@ exports.up = knex => Promise.resolve()
 					WHERE stashes.id = stashes_actors.stash_id
 					AND (stashes.user_id = current_user_id() OR stashes.public)
 				));
+
+			ALTER TABLE alerts ENABLE ROW LEVEL SECURITY;
+			ALTER TABLE alerts_tags ENABLE ROW LEVEL SECURITY;
+			ALTER TABLE alerts_scenes ENABLE ROW LEVEL SECURITY;
+			ALTER TABLE alerts_actors ENABLE ROW LEVEL SECURITY;
+			ALTER TABLE alerts_entities ENABLE ROW LEVEL SECURITY;
+			ALTER TABLE alerts_stashes ENABLE ROW LEVEL SECURITY;
+
+			CREATE POLICY alerts_policy_select ON alerts FOR SELECT USING (alerts.user_id = current_user_id());
+			CREATE POLICY alerts_policy_update ON alerts FOR UPDATE USING (alerts.user_id = current_user_id());
+			CREATE POLICY alerts_policy_delete ON alerts FOR DELETE USING (alerts.user_id = current_user_id());
+			CREATE POLICY alerts_policy_insert ON alerts FOR INSERT WITH CHECK (true);
+
+			CREATE POLICY alerts_policy ON alerts_scenes
+				USING (EXISTS (
+					SELECT *
+					FROM alerts
+					WHERE alerts.id = alerts_scenes.alert_id
+					AND alerts.user_id = current_user_id()
+				));
+
+			CREATE POLICY alerts_policy ON alerts_actors
+				USING (EXISTS (
+					SELECT *
+					FROM alerts
+					WHERE alerts.id = alerts_actors.alert_id
+					AND alerts.user_id = current_user_id()
+				));
+
+			CREATE POLICY alerts_policy ON alerts_entities
+				USING (EXISTS (
+					SELECT *
+					FROM alerts
+					WHERE alerts.id = alerts_entities.alert_id
+					AND alerts.user_id = current_user_id()
+				));
+
+			CREATE POLICY alerts_policy ON alerts_tags
+				USING (EXISTS (
+					SELECT *
+					FROM alerts
+					WHERE alerts.id = alerts_tags.alert_id
+					AND alerts.user_id = current_user_id()
+				));
+
+			CREATE POLICY alerts_policy ON alerts_stashes
+				USING (EXISTS (
+					SELECT *
+					FROM alerts
+					WHERE alerts.id = alerts_stashes.alert_id
+					AND alerts.user_id = current_user_id()
+				));
 		`, {
 			visitor: knex.raw(config.database.query.user),
 		});