camper/deploy/company_user.sql

40 lines
852 B
PL/PgSQL

-- Deploy camper:company_user to pg
-- requires: roles
-- requires: schema_camper
-- requires: user
-- requires: company
begin;
set search_path to camper, auth, public;
create table company_user (
company_id integer not null references company,
user_id integer not null references "user",
primary key (company_id, user_id)
);
grant select on table company_user to employee;
grant select on table company_user to admin;
alter table company enable row level security;
create policy company_policy
on company
using (
exists(
select 1
from company_user
join user_profile using (user_id)
where company_user.company_id = company.company_id
)
);
-- TODO:
-- I think we can not do the same for company_user because it would be
-- an infinite loop, but in this case i think it is fine because we can
-- only see ids, nothing more.
commit;