@juliobrim/prisma-shared 1.0.52 → 1.0.53

package/migrations/20260326_enable_rls_wave1/migration.sql

@@ -0,0 +1,85 @@
+-- RLS multi-tenant - onda 1
+--
+-- Este arquivo prepara as tabelas tenant-scoped mais criticas para isolamento
+-- definitivo no PostgreSQL. Ele deve ser portado para a origem do pacote
+-- shared Prisma e executado como migration SQL, nao aplicado manualmente em
+-- node_modules.
+--
+-- Pre-requisitos:
+-- 1. As tabelas abaixo devem ter "tenantId" NOT NULL.
+-- 2. A aplicacao deve abrir transacoes com:
+--    SELECT set_config('app.tenant_id', '<tenant-id>', true);
+-- 3. O usuario tecnico do banco nao deve ter BYPASSRLS.
+--
+-- Rollout sugerido:
+-- 1. Subir a aplicacao ja usando withTenantRlsTransaction().
+-- 2. Aplicar esta migration em staging.
+-- 3. Validar fluxos de leitura/escrita e acessos cross-tenant.
+-- 4. Aplicar em producao por janela controlada.
+
+BEGIN;
+
+CREATE OR REPLACE FUNCTION app_current_tenant_id()
+RETURNS text
+LANGUAGE sql
+STABLE
+AS $$
+  SELECT NULLIF(current_setting('app.tenant_id', true), '');
+$$;
+
+DO $$
+DECLARE
+  tenant_tables text[] := ARRAY[
+    'flow',
+    'machine',
+    'node',
+    'operation',
+    'operator',
+    'panel',
+    'product',
+    'production_node',
+    'production_order',
+    'report',
+    'resource',
+    'Role',
+    'sector',
+    'shift',
+    'user'
+  ];
+  table_name text;
+BEGIN
+  FOREACH table_name IN ARRAY tenant_tables LOOP
+    EXECUTE format('ALTER TABLE %I ENABLE ROW LEVEL SECURITY', table_name);
+    EXECUTE format('ALTER TABLE %I FORCE ROW LEVEL SECURITY', table_name);
+
+    EXECUTE format('DROP POLICY IF EXISTS %I ON %I', table_name || '_tenant_select', table_name);
+    EXECUTE format(
+      'CREATE POLICY %I ON %I FOR SELECT USING ("tenantId" = app_current_tenant_id())',
+      table_name || '_tenant_select',
+      table_name
+    );
+
+    EXECUTE format('DROP POLICY IF EXISTS %I ON %I', table_name || '_tenant_insert', table_name);
+    EXECUTE format(
+      'CREATE POLICY %I ON %I FOR INSERT WITH CHECK ("tenantId" = app_current_tenant_id())',
+      table_name || '_tenant_insert',
+      table_name
+    );
+
+    EXECUTE format('DROP POLICY IF EXISTS %I ON %I', table_name || '_tenant_update', table_name);
+    EXECUTE format(
+      'CREATE POLICY %I ON %I FOR UPDATE USING ("tenantId" = app_current_tenant_id()) WITH CHECK ("tenantId" = app_current_tenant_id())',
+      table_name || '_tenant_update',
+      table_name
+    );
+
+    EXECUTE format('DROP POLICY IF EXISTS %I ON %I', table_name || '_tenant_delete', table_name);
+    EXECUTE format(
+      'CREATE POLICY %I ON %I FOR DELETE USING ("tenantId" = app_current_tenant_id())',
+      table_name || '_tenant_delete',
+      table_name
+    );
+  END LOOP;
+END $$;
+
+COMMIT;

package/migrations/20260408155012_add_productivity_cache_end_indexes/migration.sql

@@ -0,0 +1,5 @@
+-- CreateIndex
+CREATE INDEX "pic_operator_end_idx" ON "productivity_interval_cache"("operatorId", "group_end_timestamp");
+
+-- CreateIndex
+CREATE INDEX "pic_tenant_operator_end_idx" ON "productivity_interval_cache"("tenantId", "operatorId", "group_end_timestamp");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@juliobrim/prisma-shared",
-  "version": "1.0.52",
+  "version": "1.0.53",
   "description": "Schema Prisma compartilhado entre projetos Sabcon",
   "main": "schema.prisma",
   "files": [

package/schema.prisma

@@ -1073,6 +1073,8 @@ model ProductivityIntervalCache {
   @@index([tenantId, machineId, groupStartTimestamp])
   @@index([operatorId, groupStartTimestamp])
   @@index([operationId])
+  @@index([operatorId, groupEndTimestamp], map: "pic_operator_end_idx")
+  @@index([tenantId, operatorId, groupEndTimestamp], map: "pic_tenant_operator_end_idx")
   @@map("productivity_interval_cache")
 }