qzl
580 lines
22 KiB
Python
580 lines
22 KiB
Python
"""add chat, points, and invite schema
|
|
|
|
Revision ID: 20260411_0002
|
|
Revises: 20260411_0001
|
|
Create Date: 2026-04-11 00:10:00
|
|
"""
|
|
|
|
from typing import Sequence, Union
|
|
|
|
from alembic import op
|
|
import sqlalchemy as sa
|
|
from sqlalchemy.dialects import postgresql
|
|
|
|
revision: str = "20260411_0002"
|
|
down_revision: Union[str, Sequence[str], None] = "20260411_0001"
|
|
branch_labels: Union[str, Sequence[str], None] = None
|
|
depends_on: Union[str, Sequence[str], None] = None
|
|
|
|
|
|
def upgrade() -> None:
|
|
op.create_table(
|
|
"profiles",
|
|
sa.Column("id", sa.UUID(), nullable=False),
|
|
sa.Column("username", sa.String(length=30), nullable=False),
|
|
sa.Column("avatar_url", sa.Text(), nullable=True),
|
|
sa.Column("bio", sa.String(length=200), nullable=True),
|
|
sa.Column(
|
|
"settings",
|
|
postgresql.JSONB(astext_type=sa.Text()),
|
|
nullable=False,
|
|
server_default=sa.text("'{}'::jsonb"),
|
|
),
|
|
sa.Column("referred_by", sa.UUID(), nullable=True),
|
|
sa.Column(
|
|
"created_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.text("now()"),
|
|
nullable=False,
|
|
),
|
|
sa.Column(
|
|
"updated_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.text("now()"),
|
|
nullable=False,
|
|
),
|
|
sa.Column("deleted_at", sa.DateTime(timezone=True), nullable=True),
|
|
sa.CheckConstraint(
|
|
"char_length(username) >= 1", name="ck_profiles_username_non_empty"
|
|
),
|
|
sa.ForeignKeyConstraint(["id"], ["auth.users.id"], ondelete="CASCADE"),
|
|
sa.ForeignKeyConstraint(["referred_by"], ["profiles.id"], ondelete="SET NULL"),
|
|
sa.PrimaryKeyConstraint("id"),
|
|
)
|
|
op.create_index("ix_profiles_username", "profiles", ["username"], unique=False)
|
|
op.create_index(
|
|
"ix_profiles_settings_gin",
|
|
"profiles",
|
|
["settings"],
|
|
unique=False,
|
|
postgresql_using="gin",
|
|
)
|
|
op.create_index(
|
|
"ix_profiles_referred_by", "profiles", ["referred_by"], unique=False
|
|
)
|
|
_enable_rls("profiles")
|
|
|
|
op.create_table(
|
|
"sessions",
|
|
sa.Column("id", sa.UUID(), nullable=False),
|
|
sa.Column("user_id", sa.UUID(), nullable=False),
|
|
sa.Column("session_type", sa.String(length=20), nullable=False),
|
|
sa.Column("job_id", sa.UUID(), nullable=True),
|
|
sa.Column("title", sa.String(length=255), nullable=True),
|
|
sa.Column("status", sa.String(length=20), nullable=False),
|
|
sa.Column(
|
|
"last_activity_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.text("now()"),
|
|
nullable=False,
|
|
),
|
|
sa.Column(
|
|
"message_count",
|
|
sa.Integer(),
|
|
server_default=sa.text("0"),
|
|
nullable=False,
|
|
),
|
|
sa.Column(
|
|
"total_tokens",
|
|
sa.Integer(),
|
|
server_default=sa.text("0"),
|
|
nullable=False,
|
|
),
|
|
sa.Column(
|
|
"total_cost",
|
|
sa.Numeric(12, 6),
|
|
server_default=sa.text("0"),
|
|
nullable=False,
|
|
),
|
|
sa.Column(
|
|
"state_snapshot", postgresql.JSONB(astext_type=sa.Text()), nullable=True
|
|
),
|
|
sa.Column(
|
|
"created_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.text("now()"),
|
|
nullable=False,
|
|
),
|
|
sa.Column(
|
|
"updated_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.text("now()"),
|
|
nullable=False,
|
|
),
|
|
sa.Column("deleted_at", sa.DateTime(timezone=True), nullable=True),
|
|
sa.CheckConstraint(
|
|
"session_type in ('chat', 'automation')", name="ck_sessions_session_type"
|
|
),
|
|
sa.CheckConstraint(
|
|
"status in ('pending', 'running', 'completed', 'failed')",
|
|
name="ck_sessions_status",
|
|
),
|
|
sa.CheckConstraint(
|
|
"message_count >= 0", name="ck_sessions_message_count_non_negative"
|
|
),
|
|
sa.CheckConstraint(
|
|
"total_tokens >= 0", name="ck_sessions_total_tokens_non_negative"
|
|
),
|
|
sa.CheckConstraint(
|
|
"total_cost >= 0", name="ck_sessions_total_cost_non_negative"
|
|
),
|
|
sa.ForeignKeyConstraint(["user_id"], ["auth.users.id"], ondelete="CASCADE"),
|
|
sa.PrimaryKeyConstraint("id"),
|
|
)
|
|
op.create_index("ix_sessions_user_id", "sessions", ["user_id"], unique=False)
|
|
op.create_index(
|
|
"ix_sessions_user_activity",
|
|
"sessions",
|
|
["user_id", "last_activity_at"],
|
|
unique=False,
|
|
)
|
|
_enable_rls("sessions")
|
|
|
|
op.create_table(
|
|
"messages",
|
|
sa.Column("id", sa.UUID(), nullable=False),
|
|
sa.Column("session_id", sa.UUID(), nullable=False),
|
|
sa.Column("seq", sa.Integer(), nullable=False),
|
|
sa.Column("role", sa.String(length=20), nullable=False),
|
|
sa.Column("content", sa.Text(), nullable=False),
|
|
sa.Column("model_code", sa.String(length=50), nullable=True),
|
|
sa.Column("tool_name", sa.String(length=100), nullable=True),
|
|
sa.Column(
|
|
"input_tokens", sa.Integer(), server_default=sa.text("0"), nullable=False
|
|
),
|
|
sa.Column(
|
|
"output_tokens", sa.Integer(), server_default=sa.text("0"), nullable=False
|
|
),
|
|
sa.Column(
|
|
"cost", sa.Numeric(12, 6), server_default=sa.text("0"), nullable=False
|
|
),
|
|
sa.Column("latency_ms", sa.Integer(), nullable=True),
|
|
sa.Column(
|
|
"visibility_mask",
|
|
sa.BigInteger(),
|
|
server_default=sa.text("0"),
|
|
nullable=False,
|
|
),
|
|
sa.Column("metadata", postgresql.JSONB(astext_type=sa.Text()), nullable=True),
|
|
sa.Column(
|
|
"created_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.text("now()"),
|
|
nullable=False,
|
|
),
|
|
sa.Column(
|
|
"updated_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.text("now()"),
|
|
nullable=False,
|
|
),
|
|
sa.Column("deleted_at", sa.DateTime(timezone=True), nullable=True),
|
|
sa.CheckConstraint("seq > 0", name="ck_messages_seq_positive"),
|
|
sa.CheckConstraint(
|
|
"role in ('user', 'assistant', 'system', 'tool')", name="ck_messages_role"
|
|
),
|
|
sa.CheckConstraint(
|
|
"input_tokens >= 0", name="ck_messages_input_tokens_non_negative"
|
|
),
|
|
sa.CheckConstraint(
|
|
"output_tokens >= 0", name="ck_messages_output_tokens_non_negative"
|
|
),
|
|
sa.CheckConstraint("cost >= 0", name="ck_messages_cost_non_negative"),
|
|
sa.CheckConstraint(
|
|
"latency_ms is null or latency_ms >= 0",
|
|
name="ck_messages_latency_non_negative",
|
|
),
|
|
sa.ForeignKeyConstraint(["session_id"], ["sessions.id"], ondelete="CASCADE"),
|
|
sa.PrimaryKeyConstraint("id"),
|
|
sa.UniqueConstraint("session_id", "seq", name="uq_messages_session_seq"),
|
|
)
|
|
op.create_index("ix_messages_session_id", "messages", ["session_id"], unique=False)
|
|
op.create_index(
|
|
"ix_messages_session_seq_visibility",
|
|
"messages",
|
|
["session_id", "seq", "visibility_mask"],
|
|
unique=False,
|
|
)
|
|
_enable_rls("messages")
|
|
|
|
op.create_table(
|
|
"user_points",
|
|
sa.Column("user_id", sa.UUID(), nullable=False),
|
|
sa.Column(
|
|
"balance", sa.BigInteger(), server_default=sa.text("0"), nullable=False
|
|
),
|
|
sa.Column(
|
|
"frozen_balance",
|
|
sa.BigInteger(),
|
|
server_default=sa.text("0"),
|
|
nullable=False,
|
|
),
|
|
sa.Column(
|
|
"lifetime_earned",
|
|
sa.BigInteger(),
|
|
server_default=sa.text("0"),
|
|
nullable=False,
|
|
),
|
|
sa.Column(
|
|
"lifetime_spent",
|
|
sa.BigInteger(),
|
|
server_default=sa.text("0"),
|
|
nullable=False,
|
|
),
|
|
sa.Column("version", sa.Integer(), server_default=sa.text("0"), nullable=False),
|
|
sa.Column(
|
|
"created_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.text("now()"),
|
|
nullable=False,
|
|
),
|
|
sa.Column(
|
|
"updated_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.text("now()"),
|
|
nullable=False,
|
|
),
|
|
sa.CheckConstraint("balance >= 0", name="ck_user_points_balance_non_negative"),
|
|
sa.CheckConstraint(
|
|
"frozen_balance >= 0", name="ck_user_points_frozen_balance_non_negative"
|
|
),
|
|
sa.CheckConstraint(
|
|
"lifetime_earned >= 0", name="ck_user_points_lifetime_earned_non_negative"
|
|
),
|
|
sa.CheckConstraint(
|
|
"lifetime_spent >= 0", name="ck_user_points_lifetime_spent_non_negative"
|
|
),
|
|
sa.CheckConstraint(
|
|
"frozen_balance <= balance", name="ck_user_points_frozen_le_balance"
|
|
),
|
|
sa.ForeignKeyConstraint(["user_id"], ["auth.users.id"], ondelete="CASCADE"),
|
|
sa.PrimaryKeyConstraint("user_id"),
|
|
)
|
|
_enable_rls("user_points")
|
|
|
|
op.create_table(
|
|
"points_ledger",
|
|
sa.Column("id", sa.UUID(), nullable=False),
|
|
sa.Column("user_id", sa.UUID(), nullable=False),
|
|
sa.Column("direction", sa.SmallInteger(), nullable=False),
|
|
sa.Column("amount", sa.BigInteger(), nullable=False),
|
|
sa.Column("balance_after", sa.BigInteger(), nullable=False),
|
|
sa.Column("change_type", sa.String(length=16), nullable=False),
|
|
sa.Column("biz_type", sa.String(length=16), nullable=True),
|
|
sa.Column("biz_id", sa.UUID(), nullable=True),
|
|
sa.Column("event_id", sa.String(length=64), nullable=False),
|
|
sa.Column("operator_id", sa.UUID(), nullable=True),
|
|
sa.Column(
|
|
"metadata",
|
|
postgresql.JSONB(astext_type=sa.Text()),
|
|
nullable=False,
|
|
server_default=sa.text("'{}'::jsonb"),
|
|
),
|
|
sa.Column(
|
|
"created_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.text("now()"),
|
|
nullable=False,
|
|
),
|
|
sa.Column(
|
|
"updated_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.text("now()"),
|
|
nullable=False,
|
|
),
|
|
sa.CheckConstraint("amount > 0", name="ck_points_ledger_amount_positive"),
|
|
sa.CheckConstraint(
|
|
"direction in (1, -1)", name="ck_points_ledger_direction_valid"
|
|
),
|
|
sa.CheckConstraint(
|
|
"balance_after >= 0", name="ck_points_ledger_balance_after_non_negative"
|
|
),
|
|
sa.CheckConstraint(
|
|
"change_type in ('register', 'consume', 'grant', 'adjust')",
|
|
name="ck_points_ledger_change_type",
|
|
),
|
|
sa.CheckConstraint(
|
|
"biz_type is null or biz_type = 'chat'", name="ck_points_ledger_biz_type"
|
|
),
|
|
sa.CheckConstraint(
|
|
"((change_type = 'register' and biz_type is null and biz_id is null) or "
|
|
"(change_type in ('consume', 'grant', 'adjust') and biz_type = 'chat' and biz_id is not null))",
|
|
name="ck_points_ledger_biz_binding",
|
|
),
|
|
sa.CheckConstraint(
|
|
"((change_type in ('register', 'grant') and direction = 1) or "
|
|
"(change_type = 'consume' and direction = -1) or "
|
|
"(change_type = 'adjust' and direction in (1, -1)))",
|
|
name="ck_points_ledger_direction_by_change_type",
|
|
),
|
|
sa.CheckConstraint(
|
|
"jsonb_typeof(metadata) = 'object'", name="ck_points_ledger_metadata_object"
|
|
),
|
|
sa.CheckConstraint(
|
|
"metadata->>'schema_version' = '1' and "
|
|
"metadata->>'operator_type' in ('user', 'system', 'admin') and "
|
|
"coalesce(metadata->>'run_id', '') <> '' and "
|
|
"(not (metadata ? 'ext') or jsonb_typeof(metadata->'ext') = 'object')",
|
|
name="ck_points_ledger_metadata_common",
|
|
),
|
|
sa.CheckConstraint(
|
|
"(change_type <> 'register' or not (metadata ? 'charge'))",
|
|
name="ck_points_ledger_metadata_register_shape",
|
|
),
|
|
sa.CheckConstraint(
|
|
"(change_type <> 'consume' or ((metadata ? 'charge') and jsonb_typeof(metadata->'charge') = 'object' and "
|
|
"(metadata->'charge' ? 'message_id') and (metadata->'charge' ? 'message_seq') and "
|
|
"(metadata->'charge' ? 'model_code') and (metadata->'charge' ? 'input_tokens') and "
|
|
"(metadata->'charge' ? 'output_tokens') and (metadata->'charge' ? 'cost')))",
|
|
name="ck_points_ledger_metadata_consume_shape",
|
|
),
|
|
sa.CheckConstraint(
|
|
"(change_type <> 'adjust' or ((metadata ? 'ext') and (metadata->'ext' ? 'ticket_id') and "
|
|
"coalesce(metadata #>> '{ext,ticket_id}', '') <> ''))",
|
|
name="ck_points_ledger_metadata_adjust_shape",
|
|
),
|
|
sa.ForeignKeyConstraint(["biz_id"], ["sessions.id"], ondelete="RESTRICT"),
|
|
sa.ForeignKeyConstraint(
|
|
["operator_id"], ["auth.users.id"], ondelete="SET NULL"
|
|
),
|
|
sa.ForeignKeyConstraint(["user_id"], ["auth.users.id"], ondelete="CASCADE"),
|
|
sa.PrimaryKeyConstraint("id"),
|
|
sa.UniqueConstraint("user_id", "event_id", name="uq_points_ledger_user_event"),
|
|
)
|
|
op.create_index(
|
|
"ix_points_ledger_user_created_at",
|
|
"points_ledger",
|
|
["user_id", sa.text("created_at DESC")],
|
|
unique=False,
|
|
)
|
|
op.create_index(
|
|
"ix_points_ledger_biz_type_biz_id",
|
|
"points_ledger",
|
|
["biz_type", "biz_id"],
|
|
unique=False,
|
|
)
|
|
_enable_rls("points_ledger")
|
|
|
|
op.execute(
|
|
"""
|
|
CREATE TABLE invite_codes (
|
|
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
|
code VARCHAR(6) NOT NULL UNIQUE CHECK (code ~ '^[ABCDEFGHJKMNPQRSTUVWXYZ23456789]{6}$'),
|
|
owner_id UUID REFERENCES profiles(id) ON DELETE SET NULL,
|
|
status VARCHAR(20) NOT NULL DEFAULT 'active' CHECK (status IN ('active', 'disabled', 'expired')),
|
|
used_count INTEGER NOT NULL DEFAULT 0 CHECK (used_count >= 0),
|
|
max_uses INTEGER CHECK (max_uses IS NULL OR max_uses >= 1),
|
|
expires_at TIMESTAMPTZ NULL,
|
|
reward_config JSONB NOT NULL DEFAULT '{}',
|
|
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
|
|
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
|
|
)
|
|
"""
|
|
)
|
|
op.execute("CREATE INDEX ix_invite_codes_owner_id ON invite_codes(owner_id)")
|
|
op.execute(
|
|
"CREATE INDEX ix_invite_codes_code ON invite_codes(code) WHERE status = 'active'"
|
|
)
|
|
_enable_rls("invite_codes")
|
|
|
|
op.execute(
|
|
"""
|
|
CREATE OR REPLACE FUNCTION public.generate_invite_code()
|
|
RETURNS TEXT
|
|
LANGUAGE plpgsql
|
|
SECURITY DEFINER
|
|
SET search_path = ''
|
|
AS $$
|
|
DECLARE
|
|
chars TEXT := 'ABCDEFGHJKMNPQRSTUVWXYZ23456789';
|
|
result TEXT := '';
|
|
i INT;
|
|
BEGIN
|
|
FOR i IN 1..6 LOOP
|
|
result := result || substr(chars, floor(random() * length(chars) + 1)::int, 1);
|
|
END LOOP;
|
|
RETURN result;
|
|
END;
|
|
$$;
|
|
"""
|
|
)
|
|
|
|
op.execute(
|
|
"""
|
|
CREATE OR REPLACE FUNCTION public.initialize_profile_and_invite_code_on_signup()
|
|
RETURNS trigger
|
|
LANGUAGE plpgsql
|
|
SECURITY DEFINER
|
|
SET search_path = public
|
|
AS $$
|
|
DECLARE
|
|
v_username text;
|
|
v_invite_code text;
|
|
v_referrer_id uuid;
|
|
v_attempts int := 0;
|
|
invite_code_value text;
|
|
BEGIN
|
|
v_username := 'user_' || substring(md5(new.id::text || clock_timestamp()::text || random()::text) from 1 for 6);
|
|
|
|
INSERT INTO public.profiles (id, username, avatar_url, bio, settings)
|
|
VALUES (
|
|
new.id,
|
|
v_username,
|
|
null,
|
|
null,
|
|
jsonb_build_object(
|
|
'version', 1,
|
|
'preferences', jsonb_build_object(
|
|
'interface_language', 'zh-CN',
|
|
'ai_language', 'zh-CN',
|
|
'timezone', 'Asia/Shanghai',
|
|
'country', 'CN'
|
|
),
|
|
'privacy', jsonb_build_object('profile_visibility', 'public'),
|
|
'notification', jsonb_build_object(
|
|
'allow_notifications', true,
|
|
'allow_vibration', true
|
|
)
|
|
)
|
|
)
|
|
ON CONFLICT (id) DO NOTHING;
|
|
|
|
LOOP
|
|
BEGIN
|
|
v_invite_code := public.generate_invite_code();
|
|
INSERT INTO public.invite_codes (code, owner_id, status, used_count, max_uses, expires_at, reward_config)
|
|
VALUES (
|
|
v_invite_code,
|
|
new.id,
|
|
'active',
|
|
0,
|
|
NULL,
|
|
NULL,
|
|
'{}'::jsonb
|
|
);
|
|
EXIT;
|
|
EXCEPTION WHEN unique_violation THEN
|
|
v_attempts := v_attempts + 1;
|
|
IF v_attempts >= 100 THEN
|
|
RAISE EXCEPTION 'Failed to generate unique invite code after 100 attempts';
|
|
END IF;
|
|
END;
|
|
END LOOP;
|
|
|
|
invite_code_value := new.raw_user_meta_data ->> 'invite_code';
|
|
IF invite_code_value IS NOT NULL AND length(invite_code_value) = 6 THEN
|
|
invite_code_value := upper(invite_code_value);
|
|
IF invite_code_value ~ '^[ABCDEFGHJKMNPQRSTUVWXYZ23456789]{6}$' THEN
|
|
UPDATE public.invite_codes
|
|
SET used_count = used_count + 1
|
|
WHERE code = invite_code_value
|
|
AND status = 'active'
|
|
AND (max_uses IS NULL OR used_count < max_uses)
|
|
AND (expires_at IS NULL OR expires_at > NOW())
|
|
RETURNING owner_id INTO v_referrer_id;
|
|
|
|
IF v_referrer_id IS NOT NULL THEN
|
|
UPDATE public.profiles
|
|
SET referred_by = v_referrer_id
|
|
WHERE id = new.id;
|
|
END IF;
|
|
END IF;
|
|
END IF;
|
|
|
|
RETURN NEW;
|
|
END;
|
|
$$;
|
|
"""
|
|
)
|
|
|
|
op.execute("DROP TRIGGER IF EXISTS on_auth_user_created ON auth.users")
|
|
op.execute(
|
|
"DROP TRIGGER IF EXISTS trg_initialize_profile_and_points_on_signup ON auth.users"
|
|
)
|
|
op.execute(
|
|
"""
|
|
CREATE TRIGGER on_auth_user_created
|
|
AFTER INSERT ON auth.users
|
|
FOR EACH ROW
|
|
EXECUTE FUNCTION public.initialize_profile_and_invite_code_on_signup()
|
|
"""
|
|
)
|
|
|
|
|
|
def downgrade() -> None:
|
|
op.execute("DROP TRIGGER IF EXISTS on_auth_user_created ON auth.users")
|
|
op.execute(
|
|
"DROP FUNCTION IF EXISTS public.initialize_profile_and_invite_code_on_signup()"
|
|
)
|
|
op.execute("DROP FUNCTION IF EXISTS public.generate_invite_code()")
|
|
|
|
_drop_rls("invite_codes")
|
|
op.execute("DROP INDEX IF EXISTS ix_invite_codes_code")
|
|
op.execute("DROP INDEX IF EXISTS ix_invite_codes_owner_id")
|
|
op.execute("DROP TABLE IF EXISTS invite_codes")
|
|
|
|
_drop_rls("points_ledger")
|
|
op.drop_index("ix_points_ledger_biz_type_biz_id", table_name="points_ledger")
|
|
op.drop_index("ix_points_ledger_user_created_at", table_name="points_ledger")
|
|
op.drop_table("points_ledger")
|
|
|
|
_drop_rls("user_points")
|
|
op.drop_table("user_points")
|
|
|
|
_drop_rls("messages")
|
|
op.drop_index("ix_messages_session_seq_visibility", table_name="messages")
|
|
op.drop_index("ix_messages_session_id", table_name="messages")
|
|
op.drop_table("messages")
|
|
|
|
_drop_rls("sessions")
|
|
op.drop_index("ix_sessions_user_activity", table_name="sessions")
|
|
op.drop_index("ix_sessions_user_id", table_name="sessions")
|
|
op.drop_table("sessions")
|
|
|
|
_drop_rls("profiles")
|
|
op.drop_index("ix_profiles_referred_by", table_name="profiles")
|
|
op.drop_index("ix_profiles_settings_gin", table_name="profiles")
|
|
op.drop_index("ix_profiles_username", table_name="profiles")
|
|
op.drop_table("profiles")
|
|
|
|
|
|
def _enable_rls(table_name: str) -> None:
|
|
for role in ["anon", "authenticated"]:
|
|
for action in ["select", "insert", "update", "delete"]:
|
|
op.execute(
|
|
f"DROP POLICY IF EXISTS {role}_{action}_{table_name} ON {table_name}"
|
|
)
|
|
op.execute(f"ALTER TABLE {table_name} ENABLE ROW LEVEL SECURITY")
|
|
for role in ["anon", "authenticated"]:
|
|
op.execute(
|
|
f"CREATE POLICY {role}_select_{table_name} ON {table_name} FOR SELECT TO {role} USING (false)"
|
|
)
|
|
op.execute(
|
|
f"CREATE POLICY {role}_insert_{table_name} ON {table_name} FOR INSERT TO {role} WITH CHECK (false)"
|
|
)
|
|
op.execute(
|
|
f"CREATE POLICY {role}_update_{table_name} ON {table_name} FOR UPDATE TO {role} USING (false) WITH CHECK (false)"
|
|
)
|
|
op.execute(
|
|
f"CREATE POLICY {role}_delete_{table_name} ON {table_name} FOR DELETE TO {role} USING (false)"
|
|
)
|
|
|
|
|
|
def _drop_rls(table_name: str) -> None:
|
|
for role in ["anon", "authenticated"]:
|
|
for action in ["select", "insert", "update", "delete"]:
|
|
op.execute(
|
|
f"DROP POLICY IF EXISTS {role}_{action}_{table_name} ON {table_name}"
|
|
)
|
|
op.execute(f"ALTER TABLE {table_name} DISABLE ROW LEVEL SECURITY")
|