Skip to content

Commit 0d5ee84

Browse files
QSchlegelclaude
QSchlegel
and
claude
committed
fix: handle missing Crowdfund table in RLS migration
Use dynamic SQL loop that skips tables and roles that don't exist, making the migration safe for both Supabase and Railway environments. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 8f49fdb commit 0d5ee84

1 file changed

Lines changed: 27 additions & 43 deletions

File tree

  • prisma/migrations/20251215090000_enable_rls_disable_postgrest

prisma/migrations/20251215090000_enable_rls_disable_postgrest/migration.sql

Lines changed: 27 additions & 43 deletions
Original file line numberDiff line numberDiff line change
@@ -5,50 +5,34 @@
55
-- - Allows Prisma (using the service role) to continue bypassing RLS
66

77
DO $$
8+
DECLARE
9+
tbl TEXT;
810
BEGIN
9-
-- Enable RLS on all tables
10-
ALTER TABLE "User" ENABLE ROW LEVEL SECURITY;
11-
ALTER TABLE "Wallet" ENABLE ROW LEVEL SECURITY;
12-
ALTER TABLE "Transaction" ENABLE ROW LEVEL SECURITY;
13-
ALTER TABLE "Signable" ENABLE ROW LEVEL SECURITY;
14-
ALTER TABLE "NewWallet" ENABLE ROW LEVEL SECURITY;
15-
ALTER TABLE "Nonce" ENABLE ROW LEVEL SECURITY;
16-
ALTER TABLE "Ballot" ENABLE ROW LEVEL SECURITY;
17-
ALTER TABLE "Proxy" ENABLE ROW LEVEL SECURITY;
18-
ALTER TABLE "BalanceSnapshot" ENABLE ROW LEVEL SECURITY;
19-
ALTER TABLE "Migration" ENABLE ROW LEVEL SECURITY;
20-
ALTER TABLE "Crowdfund" ENABLE ROW LEVEL SECURITY;
21-
ALTER TABLE "_prisma_migrations" ENABLE ROW LEVEL SECURITY;
11+
-- Enable RLS and optionally create deny-all policies for each table that exists
12+
FOR tbl IN
13+
SELECT unnest(ARRAY[
14+
'User', 'Wallet', 'Transaction', 'Signable', 'NewWallet',
15+
'Nonce', 'Ballot', 'Proxy', 'BalanceSnapshot', 'Migration',
16+
'Crowdfund', '_prisma_migrations'
17+
])
18+
LOOP
19+
-- Skip tables that don't exist
20+
IF EXISTS (SELECT 1 FROM pg_tables WHERE schemaname = 'public' AND tablename = tbl) THEN
21+
EXECUTE format('ALTER TABLE %I ENABLE ROW LEVEL SECURITY', tbl);
2222

23-
-- Create deny-all policies for anon role (Supabase PostgREST)
24-
IF EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'anon') THEN
25-
CREATE POLICY "deny_all_anon_User" ON "User" FOR ALL TO anon USING (false) WITH CHECK (false);
26-
CREATE POLICY "deny_all_anon_Wallet" ON "Wallet" FOR ALL TO anon USING (false) WITH CHECK (false);
27-
CREATE POLICY "deny_all_anon_Transaction" ON "Transaction" FOR ALL TO anon USING (false) WITH CHECK (false);
28-
CREATE POLICY "deny_all_anon_Signable" ON "Signable" FOR ALL TO anon USING (false) WITH CHECK (false);
29-
CREATE POLICY "deny_all_anon_NewWallet" ON "NewWallet" FOR ALL TO anon USING (false) WITH CHECK (false);
30-
CREATE POLICY "deny_all_anon_Nonce" ON "Nonce" FOR ALL TO anon USING (false) WITH CHECK (false);
31-
CREATE POLICY "deny_all_anon_Ballot" ON "Ballot" FOR ALL TO anon USING (false) WITH CHECK (false);
32-
CREATE POLICY "deny_all_anon_Proxy" ON "Proxy" FOR ALL TO anon USING (false) WITH CHECK (false);
33-
CREATE POLICY "deny_all_anon_BalanceSnapshot" ON "BalanceSnapshot" FOR ALL TO anon USING (false) WITH CHECK (false);
34-
CREATE POLICY "deny_all_anon_Migration" ON "Migration" FOR ALL TO anon USING (false) WITH CHECK (false);
35-
CREATE POLICY "deny_all_anon_Crowdfund" ON "Crowdfund" FOR ALL TO anon USING (false) WITH CHECK (false);
36-
CREATE POLICY "deny_all_anon__prisma_migrations" ON "_prisma_migrations" FOR ALL TO anon USING (false) WITH CHECK (false);
37-
END IF;
23+
IF EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'anon') THEN
24+
EXECUTE format(
25+
'CREATE POLICY "deny_all_anon_%s" ON %I FOR ALL TO anon USING (false) WITH CHECK (false)',
26+
tbl, tbl
27+
);
28+
END IF;
3829

39-
-- Create deny-all policies for authenticated role (Supabase PostgREST)
40-
IF EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'authenticated') THEN
41-
CREATE POLICY "deny_all_authenticated_User" ON "User" FOR ALL TO authenticated USING (false) WITH CHECK (false);
42-
CREATE POLICY "deny_all_authenticated_Wallet" ON "Wallet" FOR ALL TO authenticated USING (false) WITH CHECK (false);
43-
CREATE POLICY "deny_all_authenticated_Transaction" ON "Transaction" FOR ALL TO authenticated USING (false) WITH CHECK (false);
44-
CREATE POLICY "deny_all_authenticated_Signable" ON "Signable" FOR ALL TO authenticated USING (false) WITH CHECK (false);
45-
CREATE POLICY "deny_all_authenticated_NewWallet" ON "NewWallet" FOR ALL TO authenticated USING (false) WITH CHECK (false);
46-
CREATE POLICY "deny_all_authenticated_Nonce" ON "Nonce" FOR ALL TO authenticated USING (false) WITH CHECK (false);
47-
CREATE POLICY "deny_all_authenticated_Ballot" ON "Ballot" FOR ALL TO authenticated USING (false) WITH CHECK (false);
48-
CREATE POLICY "deny_all_authenticated_Proxy" ON "Proxy" FOR ALL TO authenticated USING (false) WITH CHECK (false);
49-
CREATE POLICY "deny_all_authenticated_BalanceSnapshot" ON "BalanceSnapshot" FOR ALL TO authenticated USING (false) WITH CHECK (false);
50-
CREATE POLICY "deny_all_authenticated_Migration" ON "Migration" FOR ALL TO authenticated USING (false) WITH CHECK (false);
51-
CREATE POLICY "deny_all_authenticated_Crowdfund" ON "Crowdfund" FOR ALL TO authenticated USING (false) WITH CHECK (false);
52-
CREATE POLICY "deny_all_authenticated__prisma_migrations" ON "_prisma_migrations" FOR ALL TO authenticated USING (false) WITH CHECK (false);
53-
END IF;
30+
IF EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'authenticated') THEN
31+
EXECUTE format(
32+
'CREATE POLICY "deny_all_authenticated_%s" ON %I FOR ALL TO authenticated USING (false) WITH CHECK (false)',
33+
tbl, tbl
34+
);
35+
END IF;
36+
END IF;
37+
END LOOP;
5438
END $$;

0 commit comments

Comments
 (0)