@kysera/rls 0.6.1 → 0.7.0

package/dist/index.d.ts

@@ -1,7 +1,7 @@
 import { R as RLSSchema, O as Operation, P as PolicyCondition, a as PolicyHints, b as PolicyDefinition, F as FilterCondition, T as TableRLSConfig, C as CompiledPolicy, c as CompiledFilterPolicy, d as RLSContext, e as RLSAuthContext, f as RLSRequestContext, g as PolicyEvaluationContext } from './types-6eCXh_Jd.js';
 export { h as PolicyType } from './types-6eCXh_Jd.js';
 import { KyseraLogger, ErrorCode } from '@kysera/core';
-import { Plugin } from '@kysera/repository';
+import { Plugin } from '@kysera/executor';
 import 'kysely';
 
 /**
@@ -598,7 +598,7 @@ interface RLSPluginOptions<DB = unknown> {
  *   },
  * });
  *
- * // Create ORM with RLS plugin
+ * // Create repository with RLS plugin
  * const orm = await createORM(db, [
  *   rlsPlugin({ schema }),
  * ]);

package/dist/index.js

@@ -1,4 +1,5 @@
 import { silentLogger } from '@kysera/core';
+import { getRawDb } from '@kysera/executor';
 import { sql } from 'kysely';
 import { AsyncLocalStorage } from 'async_hooks';
 
@@ -1203,7 +1204,7 @@ function rlsPlugin(options) {
   let mutationGuard;
   return {
     name: "@kysera/rls",
-    version: "0.5.1",
+    version: "0.7.0",
     // Run after soft-delete (priority 0), before audit
     priority: 50,
     // No dependencies by default
@@ -1302,6 +1303,8 @@ function rlsPlugin(options) {
       const originalUpdate = baseRepo.update?.bind(baseRepo);
       const originalDelete = baseRepo.delete?.bind(baseRepo);
       const originalFindById = baseRepo.findById?.bind(baseRepo);
+      const rawDb = getRawDb(baseRepo.executor);
+      const hasRawDb = baseRepo.executor.__rawDb !== void 0;
       const extendedRepo = {
         ...baseRepo,
         /**
@@ -1338,12 +1341,19 @@ function rlsPlugin(options) {
          * Wrapped update with RLS check
          */
         async update(id, data) {
-          if (!originalUpdate || !originalFindById) {
+          if (!originalUpdate) {
             throw new RLSError("Repository does not support update operation", RLSErrorCodes.RLS_POLICY_INVALID);
           }
           const ctx = rlsContext.getContextOrNull();
           if (ctx && !ctx.auth.isSystem && !bypassRoles.some((role) => ctx.auth.roles.includes(role))) {
-            const existingRow = await originalFindById(id);
+            let existingRow;
+            if (hasRawDb) {
+              existingRow = await rawDb.selectFrom(table).selectAll().where("id", "=", id).executeTakeFirst();
+            } else if (originalFindById) {
+              existingRow = await originalFindById(id);
+            } else {
+              throw new RLSError("Repository does not support update operation", RLSErrorCodes.RLS_POLICY_INVALID);
+            }
             if (!existingRow) {
               return originalUpdate(id, data);
             }
@@ -1377,12 +1387,19 @@ function rlsPlugin(options) {
          * Wrapped delete with RLS check
          */
         async delete(id) {
-          if (!originalDelete || !originalFindById) {
+          if (!originalDelete) {
             throw new RLSError("Repository does not support delete operation", RLSErrorCodes.RLS_POLICY_INVALID);
           }
           const ctx = rlsContext.getContextOrNull();
           if (ctx && !ctx.auth.isSystem && !bypassRoles.some((role) => ctx.auth.roles.includes(role))) {
-            const existingRow = await originalFindById(id);
+            let existingRow;
+            if (hasRawDb) {
+              existingRow = await rawDb.selectFrom(table).selectAll().where("id", "=", id).executeTakeFirst();
+            } else if (originalFindById) {
+              existingRow = await originalFindById(id);
+            } else {
+              throw new RLSError("Repository does not support delete operation", RLSErrorCodes.RLS_POLICY_INVALID);
+            }
             if (!existingRow) {
               return originalDelete(id);
             }