@pgpm/metaschema-modules 0.19.1 → 0.20.0

@@ -79,7 +79,7 @@ CREATE TABLE metaschema_modules_public.relation_provision (
79
79
 
80
80
  grant_roles text[] NOT NULL DEFAULT ARRAY['authenticated'],
81
81
 
82
- grant_privileges jsonb[] NOT NULL DEFAULT ARRAY['["select","*"]'::jsonb, '["insert","*"]'::jsonb, '["delete","*"]'::jsonb],
82
+ grant_privileges jsonb[] NOT NULL DEFAULT '{}',
83
83
 
84
84
  -- =========================================================================
85
85
  -- ManyToMany: RLS policies (forwarded to secure_table_provision)
@@ -269,7 +269,7 @@ COMMENT ON COLUMN metaschema_modules_public.relation_provision.grant_roles IS
269
269
  'For RelationManyToMany: database roles to grant privileges to on the junction table. Forwarded to secure_table_provision as-is. Supports multiple roles, e.g. ARRAY[''authenticated'', ''admin'']. Each role receives all privileges defined in grant_privileges. Defaults to ARRAY[''authenticated'']. Ignored for RelationBelongsTo/RelationHasOne.';
270
270
 
271
271
  COMMENT ON COLUMN metaschema_modules_public.relation_provision.grant_privileges IS
272
- 'For RelationManyToMany: privilege grants for the junction table. Forwarded to secure_table_provision as-is. Format: PostgreSQL array of jsonb [privilege, columns] tuples. Examples: ARRAY[''["select","*"]''::jsonb, ''["insert","*"]''::jsonb] for full access, or ARRAY[''["update",["name","bio"]]''::jsonb] for column-level grants. "*" means all columns. Defaults to select/insert/delete for all columns. Ignored for RelationBelongsTo/RelationHasOne.';
272
+ 'For RelationManyToMany: privilege grants for the junction table. Forwarded to secure_table_provision as-is. Format: PostgreSQL array of jsonb [privilege, columns] tuples. Examples: ARRAY[''["select","*"]''::jsonb, ''["insert","*"]''::jsonb] for full access, or ARRAY[''["update",["name","bio"]]''::jsonb] for column-level grants. "*" means all columns. Defaults to ''{}'' (no grants — callers must explicitly specify privileges). Ignored for RelationBelongsTo/RelationHasOne.';
273
273
 
274
274
  -- =============================================================================
275
275
  -- ManyToMany: RLS policies (forwarded to secure_table_provision)
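Review bot: The new `grant_privileges` default in the first hunk sits inside `CREATE TABLE metaschema_modules_public.relation_provision`, so it only takes effect where the table is created fresh. A database that already deployed 0.19.1 would presumably keep the old select/insert/delete default unless a separate migration alters the column, and none is visible in this diff. If the no-grants default is meant to reach upgraded installs, consider shipping `ALTER TABLE metaschema_modules_public.relation_provision ALTER COLUMN grant_privileges SET DEFAULT '{}';` alongside it. Rows inserted under the old default keep their stored select/insert/delete privileges, so existing ManyToMany junction tables are worth auditing after the upgrade. The CREATE TABLE statement begins and ends outside the hunk.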
@@ -80,7 +80,7 @@ COMMENT ON COLUMN metaschema_modules_public.secure_table_provision.grant_roles I
80
80
  'Database roles to grant privileges to. Supports multiple roles, e.g. ARRAY[''authenticated'', ''admin'']. Each role receives all privileges defined in grant_privileges. Defaults to ARRAY[''authenticated''].';
81
81
 
82
82
  COMMENT ON COLUMN metaschema_modules_public.secure_table_provision.grant_privileges IS
83
- 'PostgreSQL array of jsonb [privilege, columns] tuples defining table grants. Examples: ARRAY[''["select","*"]''::jsonb, ''["insert","*"]''::jsonb] for full access, or ARRAY[''["update",["name","bio"]]''::jsonb] for column-level grants. "*" means all columns; an array means column-level grant. Defaults to ''{}'' (no grants). Type safety is enforced by PostgreSQL at INSERT time.';
83
+ 'PostgreSQL array of jsonb [privilege, columns] tuples defining table grants. Examples: ARRAY[''["select","*"]''::jsonb, ''["insert","*"]''::jsonb] for full access, or ARRAY[''["update",["name","bio"]]''::jsonb] for column-level grants. "*" means all columns; an array means column-level grant. Defaults to ''{}'' (no grants — callers must explicitly specify privileges). Type safety is enforced by PostgreSQL at INSERT time.';
84
84
 
85
85
  COMMENT ON COLUMN metaschema_modules_public.secure_table_provision.policy_type IS
86
86
  'Policy generator type, e.g. ''AuthzEntityMembership'', ''AuthzMembership'', ''AuthzAllowAll''. NULL means no policy is created. When set, the trigger automatically enables RLS on the target table.';
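--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@pgpm/metaschema-modules",
- "version": "0.19.1",
+ "version": "0.20.0",
  "description": "Module metadata handling and dependency tracking",
  "author": "Dan Lynch <pyramation@gmail.com>",
  "contributors": [
@@ -21,8 +21,8 @@
  "test:watch": "jest --watch"
  },
  "dependencies": {
- "@pgpm/metaschema-schema": "0.19.1",
- "@pgpm/verify": "0.19.1"
+ "@pgpm/metaschema-schema": "0.20.0",
+ "@pgpm/verify": "0.20.0"
  },
  "devDependencies": {
  "pgpm": "^4.2.3"
@@ -35,5 +35,5 @@
  "bugs": {
  "url": "https://github.com/constructive-io/pgpm-modules/issues"
  },
- "gitHead": "874490c55094ce0232bf230c613ee58685f369dc"
+ "gitHead": "6cce537f9ec29edd952c5d7d2a09210f4e7697f5"
  }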
@@ -421,7 +421,7 @@ COMMENT ON COLUMN metaschema_modules_public.secure_table_provision.node_data IS
421
421
 
422
422
  COMMENT ON COLUMN metaschema_modules_public.secure_table_provision.grant_roles IS 'Database roles to grant privileges to. Supports multiple roles, e.g. ARRAY[''authenticated'', ''admin'']. Each role receives all privileges defined in grant_privileges. Defaults to ARRAY[''authenticated''].';
423
423
 
424
- COMMENT ON COLUMN metaschema_modules_public.secure_table_provision.grant_privileges IS 'Array of [privilege, columns] tuples defining table grants. Examples: [["select","*"],["insert","*"]] for full access, or [["update",["name","bio"]]] for column-level grants. "*" means all columns; an array means column-level grant. Defaults to ''[]'' (no grants). The trigger validates this is a proper jsonb array.';
424
+ COMMENT ON COLUMN metaschema_modules_public.secure_table_provision.grant_privileges IS 'Array of [privilege, columns] tuples defining table grants. Examples: [["select","*"],["insert","*"]] for full access, or [["update",["name","bio"]]] for column-level grants. "*" means all columns; an array means column-level grant. Defaults to ''[]'' (no grants — callers must explicitly specify privileges). The trigger validates this is a proper jsonb array.';
425
425
 
426
426
  COMMENT ON COLUMN metaschema_modules_public.secure_table_provision.policy_type IS 'Policy generator type, e.g. ''AuthzEntityMembership'', ''AuthzMembership'', ''AuthzAllowAll''. NULL means no policy is created. When set, the trigger automatically enables RLS on the target table.';
427
427