Row Level Security in transactions #134
Building raw SQL queries is currently not supported, but could be exported from I'm thinking the API might look something like this:
This way we can get the benefits of concatenating SQL fragments together while still using parameterized queries to prevent injection issues and improve caching of query plans and whatnot. Your example could then be written like:
Does this sound reasonable? BTW, I really don't like the names
Thanks for the quick response! Something like that sounds perfect for my use case. A minor change to those function names could be
Any update on this?
In the meantime, I think I've come up with a solution to this:
It's coming along, but got delayed a bit by Christmas and a nasty flu.
Sorry about the delay, as of tonight this should be resolved on master. I'll make a release as soon as I get confirmation for this issue and #133.
GHC Version: 8.6.5
Selda Version: 0.4.0.0
I'm looking to set up a web service with Servant and Selda with Postgres. To handle security, I'm using Postgres's row level security functionality. Once a user is authorized in the application, in each transaction we call `SET LOCAL ...`, giving just that transaction the logged in user's ID, their access level, etc, so each returned row can be restricted if necessary. With this system, every call to the DB must be in a transaction. I can't seem to figure out how to set this context with Selda.

(In the following, `Handler` is a `ReaderT AppState Servant.Handler` that provides access to the DB pool. Beyond that, I don't think it has an impact on the question.)

Here's what I have so far:

The function I think I'm looking for would be something like `func :: Text -> Query s a`, allowing me to do:

I don't see the ability to make a raw `Query` in the docs. I do see that `SeldaBackend` has the `runStmt` function, but I'm not sure that calling that directly will run the statement inside of the transaction.

Can you provide any insight as to how to accomplish this? Or if there's a better way to achieve the same goal in Selda?
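
The database side of the pattern discussed in this issue, as an added example that is not code from the issue or from Selda: a row level security policy keyed on a transaction-local setting, with the user's ID passed as a bound parameter. The table, policy, role and setting names (`documents`, `documents_owner`, `app_rw`, `app.user_id`) and the sample rows are constructed for illustration.

```sql
-- Constructed schema and names (documents, app.user_id, app_rw) for illustration.
CREATE TABLE documents (
    id       bigserial PRIMARY KEY,
    owner_id bigint NOT NULL,
    body     text   NOT NULL
);
INSERT INTO documents (owner_id, body) VALUES (1, 'alice note'), (2, 'bob note');

ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
-- Without FORCE, the table owner bypasses the policy.
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- current_setting(name, true) yields NULL if the setting was never set, and ''
-- once an earlier SET LOCAL on the same pooled connection has reverted.
-- NULLIF maps both to NULL, so a transaction without context fails closed.
CREATE POLICY documents_owner ON documents
    USING      (owner_id = NULLIF(current_setting('app.user_id', true), '')::bigint)
    WITH CHECK (owner_id = NULLIF(current_setting('app.user_id', true), '')::bigint);

-- The application must connect as a role that is neither superuser nor
-- BYPASSRLS; both skip row level security entirely.
CREATE ROLE app_rw NOLOGIN;
GRANT SELECT, INSERT ON documents TO app_rw;
SET ROLE app_rw;

-- SET LOCAL cannot take a bind parameter. set_config(name, value, is_local)
-- is its function form and can, so the user ID is never spliced into SQL text.
PREPARE set_ctx(text) AS SELECT set_config('app.user_id', $1, true);

BEGIN;
EXECUTE set_ctx('1');             -- user ID bound as a parameter
SELECT id, body FROM documents;   -- policy evaluated with app.user_id = 1
COMMIT;                           -- the transaction-local setting reverts here

SELECT id, body FROM documents;   -- no context set: policy compares against NULL
```

Because the setting is transaction-local, a statement that runs on a different pooled connection or outside the `BEGIN`/`COMMIT` pair is evaluated without the user context.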