@juliobrim/prisma-shared 1.0.52 → 1.0.54
- package/migrations/20260326_enable_rls_wave1/migration.sql +85 -0
- package/migrations/20260408155012_add_productivity_cache_end_indexes/migration.sql +5 -0
- package/migrations/20260409022046_add_machine_operational_state_table/migration.sql +22 -0
- package/package.json +1 -1
- package/schema.prisma +17 -0
|
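--- a/package/migrations/20260326_enable_rls_wave1/migration.sql
+++ b/package/migrations/20260326_enable_rls_wave1/migration.sql
@@ -0,0 +1,85 @@
+-- RLS multi-tenant - onda 1
+--
+-- Este arquivo prepara as tabelas tenant-scoped mais criticas para isolamento
+-- definitivo no PostgreSQL. Ele deve ser portado para a origem do pacote
+-- shared Prisma e executado como migration SQL, nao aplicado manualmente em
+-- node_modules.
+--
+-- Pre-requisitos:
+-- 1. As tabelas abaixo devem ter "tenantId" NOT NULL.
+-- 2. A aplicacao deve abrir transacoes com:
+-- SELECT set_config('app.tenant_id', '<tenant-id>', true);
+-- 3. O usuario tecnico do banco nao deve ter BYPASSRLS.
+--
+-- Rollout sugerido:
+-- 1. Subir a aplicacao ja usando withTenantRlsTransaction().
+-- 2. Aplicar esta migration em staging.
+-- 3. Validar fluxos de leitura/escrita e acessos cross-tenant.
+-- 4. Aplicar em producao por janela controlada.
+
+BEGIN;
+
+CREATE OR REPLACE FUNCTION app_current_tenant_id()
+RETURNS text
+LANGUAGE sql
+STABLE
+AS $$
+SELECT NULLIF(current_setting('app.tenant_id', true), '');
+$$;
+
+DO $$
+DECLARE
+tenant_tables text[] := ARRAY[
+'flow',
+'machine',
+'node',
+'operation',
+'operator',
+'panel',
+'product',
+'production_node',
+'production_order',
+'report',
+'resource',
+'Role',
+'sector',
+'shift',
+'user'
+];
+table_name text;
+BEGIN
+FOREACH table_name IN ARRAY tenant_tables LOOP
+EXECUTE format('ALTER TABLE %I ENABLE ROW LEVEL SECURITY', table_name);
+EXECUTE format('ALTER TABLE %I FORCE ROW LEVEL SECURITY', table_name);
+
+EXECUTE format('DROP POLICY IF EXISTS %I ON %I', table_name || '_tenant_select', table_name);
+EXECUTE format(
+'CREATE POLICY %I ON %I FOR SELECT USING ("tenantId" = app_current_tenant_id())',
+table_name || '_tenant_select',
+table_name
+);
+
+EXECUTE format('DROP POLICY IF EXISTS %I ON %I', table_name || '_tenant_insert', table_name);
+EXECUTE format(
+'CREATE POLICY %I ON %I FOR INSERT WITH CHECK ("tenantId" = app_current_tenant_id())',
+table_name || '_tenant_insert',
+table_name
+);
+
+EXECUTE format('DROP POLICY IF EXISTS %I ON %I', table_name || '_tenant_update', table_name);
+EXECUTE format(
+'CREATE POLICY %I ON %I FOR UPDATE USING ("tenantId" = app_current_tenant_id()) WITH CHECK ("tenantId" = app_current_tenant_id())',
+table_name || '_tenant_update',
+table_name
+);
+
+EXECUTE format('DROP POLICY IF EXISTS %I ON %I', table_name || '_tenant_delete', table_name);
+EXECUTE format(
+'CREATE POLICY %I ON %I FOR DELETE USING ("tenantId" = app_current_tenant_id())',
+table_name || '_tenant_delete',
+table_name
+);
+END LOOP;
+END $$;
+
+COMMIT;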
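Review bot: Prerequisite 3 in the header (the database user must not have BYPASSRLS) exists only as a comment, and nothing in the migration checks it; a superuser or a role with BYPASSRLS ignores every policy the loop creates, even with FORCE ROW LEVEL SECURITY. If migrations run under the same role the application connects with (not visible in this diff), a guard placed before `COMMIT;` would surface that at deploy time, as sketched below. The header should also state that `app.tenant_id` is an ordinary session setting that any SQL executed under the application role can change, so these policies protect against a forgotten tenant filter rather than against injected SQL. The fail-closed path is sound as written: with the setting unset or empty, `app_current_tenant_id()` returns NULL and every policy comparison rejects the row.

```sql
-- … unchanged: app_current_tenant_id() and the policy loop …

DO $$
BEGIN
  -- Policies are not applied to superusers or to roles with BYPASSRLS.
  IF EXISTS (
    SELECT 1 FROM pg_roles
    WHERE rolname = current_user AND (rolsuper OR rolbypassrls)
  ) THEN
    RAISE WARNING 'role % bypasses row level security; tenant policies will not apply to it', current_user;
  END IF;
END $$;

COMMIT;
```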
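--- a/package/migrations/20260409022046_add_machine_operational_state_table/migration.sql
+++ b/package/migrations/20260409022046_add_machine_operational_state_table/migration.sql
@@ -0,0 +1,22 @@
+-- CreateTable
+CREATE TABLE "MachineOperationalState" (
+"id" TEXT NOT NULL,
+"machineId" TEXT NOT NULL,
+"countState" JSONB,
+"lastMachineTimestamp" TIMESTAMP(3),
+"updatedAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+CONSTRAINT "MachineOperationalState_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "MachineOperationalState_machineId_key" ON "MachineOperationalState"("machineId");
+
+-- CreateIndex
+CREATE INDEX "MachineOperationalState_machineId_idx" ON "MachineOperationalState"("machineId");
+
+-- CreateIndex
+CREATE INDEX "MachineOperationalState_lastMachineTimestamp_idx" ON "MachineOperationalState"("lastMachineTimestamp");
+
+-- AddForeignKey
+ALTER TABLE "MachineOperationalState" ADD CONSTRAINT "MachineOperationalState_machineId_fkey" FOREIGN KEY ("machineId") REFERENCES "machine"("id") ON DELETE CASCADE ON UPDATE CASCADE;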
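Review bot: "MachineOperationalState" is created without a "tenantId" column and is not in the table list of the RLS migration shipped in this same release, so a direct query on it is not restricted by any tenant policy; only the foreign key through "machineId" ties a row to a tenant. If this state is tenant data, either add `"tenantId" TEXT NOT NULL` and give the table the same four policies, or enable RLS on it with a policy that defers to the parent row, for example `USING (EXISTS (SELECT 1 FROM machine m WHERE m.id = "machineId"))`, which should be evaluated under the caller's own policies on machine. The same gap shows in the `model MachineOperationalState` block added to schema.prisma. Whether a later RLS wave is meant to cover this table cannot be told from this diff.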
package/package.json
CHANGED
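--- a/package/schema.prisma
+++ b/package/schema.prisma
@@ -284,6 +284,7 @@ model Machine {
 MachineScriptState MachineScriptState?
 machineOperationStitch MachineOperationStitch[]
 productivityIntervals ProductivityIntervalCache[]
+machineOperationalState MachineOperationalState?
 
 @@unique([tenantId, name])
 @@index([sectorId])
@@ -909,6 +910,20 @@ model Device {
 @@map("device")
 }
 
+model MachineOperationalState {
+id String @id @default(cuid())
+machineId String @unique
+countState Json?
+lastMachineTimestamp DateTime?
+updatedAt DateTime @default(now()) @updatedAt
+
+machine Machine? @relation(fields: [machineId], references: [id], onDelete: Cascade)
+
+@@index([machineId])
+@@index([lastMachineTimestamp])
+@@map("MachineOperationalState")
+}
+
 model MachineSensors {
 id String @id @default(cuid())
 machineId String @unique
@@ -1073,6 +1088,8 @@ model ProductivityIntervalCache {
 @@index([tenantId, machineId, groupStartTimestamp])
 @@index([operatorId, groupStartTimestamp])
 @@index([operationId])
+@@index([operatorId, groupEndTimestamp], map: "pic_operator_end_idx")
+@@index([tenantId, operatorId, groupEndTimestamp], map: "pic_tenant_operator_end_idx")
 @@map("productivity_interval_cache")
 }
 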
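Review bot: In `model MachineOperationalState`, `@@index([machineId])` repeats what `machineId String @unique` already provides, and the generated migration does create both "MachineOperationalState_machineId_key" and "MachineOperationalState_machineId_idx" on the same column; the second index adds write cost and nothing else, so the `@@index([machineId])` line can be dropped. The relation is also declared `machine Machine?` although `machineId` is a required `String` (NOT NULL in the SQL), so the optional marker does not match what the database enforces; `machine Machine @relation(fields: [machineId], references: [id], onDelete: Cascade)` would say the same thing the column does.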