@moneypot/hub 1.2.1 → 1.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -404,8 +404,9 @@ create policy update_bankroll on hub.bankroll for update using (
|
|
|
404
404
|
);
|
|
405
405
|
|
|
406
406
|
-- MIXED-USE POLICIES
|
|
407
|
-
--
|
|
408
|
-
--
|
|
407
|
+
-- We should scope every user check to the current experience
|
|
408
|
+
-- Else you will accidentally see the user's rows for other experiences
|
|
409
|
+
|
|
409
410
|
create policy select_user on hub.user for select using (
|
|
410
411
|
hub_hidden.is_operator() or (
|
|
411
412
|
-- Users can only see their own records
|
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
drop policy if exists select_user on hub.user;
|
|
2
|
+
create policy select_user on hub.user for select using (
|
|
3
|
+
hub_hidden.is_operator() or
|
|
4
|
+
-- Users can only see their own records
|
|
5
|
+
-- Users are global and not scoped to experiences
|
|
6
|
+
(
|
|
7
|
+
id = hub_hidden.current_user_id() and
|
|
8
|
+
-- casino_id match is redundant but we'll include it for consistency
|
|
9
|
+
casino_id = hub_hidden.current_casino_id()
|
|
10
|
+
)
|
|
11
|
+
);
|
|
12
|
+
|
|
13
|
+
-- These are all scoped to the current experience
|
|
14
|
+
--
|
|
15
|
+
-- Technically, matching on (user_id, experience_id) is sufficient since
|
|
16
|
+
-- experience implies casino, but we'll match on all three to be explicit.
|
|
17
|
+
|
|
18
|
+
drop policy if exists select_balance on hub.balance;
|
|
19
|
+
create policy select_balance on hub.balance for select using (
|
|
20
|
+
hub_hidden.is_operator() OR
|
|
21
|
+
-- Users can only see their own records for current experience
|
|
22
|
+
(
|
|
23
|
+
user_id = hub_hidden.current_user_id() and
|
|
24
|
+
experience_id = hub_hidden.current_experience_id() and
|
|
25
|
+
casino_id = hub_hidden.current_casino_id()
|
|
26
|
+
)
|
|
27
|
+
);
|
|
28
|
+
|
|
29
|
+
drop policy if exists select_deposit on hub.deposit;
|
|
30
|
+
create policy select_deposit on hub.deposit for select using (
|
|
31
|
+
hub_hidden.is_operator() OR
|
|
32
|
+
-- Users can only see their own records for current experience
|
|
33
|
+
(
|
|
34
|
+
user_id = hub_hidden.current_user_id() and
|
|
35
|
+
experience_id = hub_hidden.current_experience_id() and
|
|
36
|
+
casino_id = hub_hidden.current_casino_id()
|
|
37
|
+
)
|
|
38
|
+
);
|
|
39
|
+
|
|
40
|
+
drop policy if exists select_withdrawal on hub.withdrawal;
|
|
41
|
+
create policy select_withdrawal on hub.withdrawal for select using (
|
|
42
|
+
hub_hidden.is_operator() OR
|
|
43
|
+
-- Users can only see their own records for current experience
|
|
44
|
+
(
|
|
45
|
+
user_id = hub_hidden.current_user_id() and
|
|
46
|
+
experience_id = hub_hidden.current_experience_id() and
|
|
47
|
+
casino_id = hub_hidden.current_casino_id()
|
|
48
|
+
)
|
|
49
|
+
);
|
|
50
|
+
|
|
51
|
+
drop policy if exists select_session on hub.session;
|
|
52
|
+
create policy select_session on hub.session for select using (
|
|
53
|
+
hub_hidden.is_operator() OR
|
|
54
|
+
-- Users can only see their own records for current experience
|
|
55
|
+
(
|
|
56
|
+
user_id = hub_hidden.current_user_id() and
|
|
57
|
+
experience_id = hub_hidden.current_experience_id() and
|
|
58
|
+
casino_id = hub_hidden.current_casino_id()
|
|
59
|
+
)
|
|
60
|
+
);
|
|
61
|
+
|
|
62
|
+
drop policy if exists select_withdrawal_request on hub.withdrawal_request;
|
|
63
|
+
create policy select_withdrawal_request on hub.withdrawal_request for select using (
|
|
64
|
+
hub_hidden.is_operator() OR
|
|
65
|
+
-- Users can only see their own records for current experience
|
|
66
|
+
(
|
|
67
|
+
user_id = hub_hidden.current_user_id() and
|
|
68
|
+
experience_id = hub_hidden.current_experience_id() and
|
|
69
|
+
casino_id = hub_hidden.current_casino_id()
|
|
70
|
+
)
|
|
71
|
+
);
|
|
72
|
+
|
|
73
|
+
drop policy if exists select_faucet_claim on hub.faucet_claim;
|
|
74
|
+
create policy select_faucet_claim on hub.faucet_claim for select using (
|
|
75
|
+
hub_hidden.is_operator() OR
|
|
76
|
+
-- Users can only see their own records for current experience
|
|
77
|
+
(
|
|
78
|
+
user_id = hub_hidden.current_user_id() and
|
|
79
|
+
experience_id = hub_hidden.current_experience_id() and
|
|
80
|
+
casino_id = hub_hidden.current_casino_id()
|
|
81
|
+
)
|
|
82
|
+
);
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@moneypot/hub",
|
|
3
|
-
"version": "1.2.
|
|
3
|
+
"version": "1.2.2",
|
|
4
4
|
"author": "moneypot.com",
|
|
5
5
|
"homepage": "https://moneypot.com/hub",
|
|
6
6
|
"keywords": [
|
|
@@ -41,7 +41,7 @@
|
|
|
41
41
|
"dependencies": {
|
|
42
42
|
"@graphile-contrib/pg-omit-archived": "^4.0.0-beta.4",
|
|
43
43
|
"@moneypot/hash-herald": "^1.0.0",
|
|
44
|
-
"@moneypot/pg-upgrade-schema": "^2.0.
|
|
44
|
+
"@moneypot/pg-upgrade-schema": "^2.0.4",
|
|
45
45
|
"@noble/curves": "^1.5.0",
|
|
46
46
|
"dotenv": "^16.4.5",
|
|
47
47
|
"express": "^5.0.1",
|