import { sql } from "drizzle-orm";
import { pgTable, text, timestamp } from "drizzle-orm/pg-core";
import { authenticatedRole, anonymousRole } from "drizzle-orm/neon";
import { crudPolicy, authUid } from "./";
/**
* This defines a simple schema with two tables:
* - users: a table of users
* - posts: a table of social posts
*
* Row-level security (RLS) is applied to both tables:
* - users: admin-only
* - posts: anyone can read, authenticated users can modify their own posts
*/
// private table, without RLS policies this is admin-only
// RLS is switched on below but no policy is attached to this table, so neither
// `anonymousRole` nor `authenticatedRole` gets any row access: only the table
// owner (or a role that bypasses RLS) can read or write `users`.
// NOTE(review): the DB column is `user_id` (snake_case) while `posts` below maps
// its owner column to `userId` (camelCase) — two naming styles; kept as-is here.
export const users = pgTable("users", {
  userId: text("user_id").primaryKey(),
  email: text("email").unique().notNull(),
  createdAt: timestamp("created_at").defaultNow().notNull(),
  // `defaultNow()` only supplies a value when a row is inserted; nothing in this
  // schema refreshes `updated_at` on UPDATE.
  updatedAt: timestamp("updated_at").defaultNow().notNull(),
}).enableRLS();
// posts table with RLS policies
// - anyone can read
// - authenticated users can read any post and can modify their own posts
// NOTE(review): unlike `users`, there is no explicit `.enableRLS()` here. This
// presumably relies on drizzle enabling RLS automatically when a table declares
// policies — confirm the generated migration contains
// `ENABLE ROW LEVEL SECURITY` for `posts`, otherwise the policies below are inert.
export const posts = pgTable(
  "posts",
  {
    id: text("id").primaryKey(),
    title: text("title").notNull(),
    content: text("content").notNull(),
    // Nullable owner reference. For a row with a NULL `userId` the ownership
    // check in `authUid(...)` below presumably never evaluates to true, so such a
    // row is readable but cannot be modified via these policies — confirm.
    userId: text("userId").references(() => users.userId),
  },
  (table) => [
    // anyone (anonymous) can read
    // `read: true` grants unrestricted SELECT to this role; no row filter is applied.
    crudPolicy({
      role: anonymousRole,
      read: true,
    }),
    // authenticated users can read any post, and modify only their own posts
    crudPolicy({
      role: authenticatedRole,
      read: true,
      // `userId` column matches `auth.user_id()` allows modify
      // This is the only ownership check in the schema: it is what prevents an
      // authenticated caller from editing or deleting another user's post, and
      // (assuming crudPolicy emits a WITH CHECK for inserts — verify) from
      // inserting a post attributed to someone else.
      modify: authUid(table.userId),
    }),
  ]
);