Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    matrixbot
    @matrixbot
    Nolan OK, think I figured it out. Moved the logic into a security definer function.
    Benjie Gillam
    @benjie
    Nolan / @matrixbot : RLS policies themselves obey RLS, this is generally what you want but sometimes it isn't - when it's not you can use a SECURITY DEFINER function to bypass RLS (and RBAC) and perform whatever checks you need.
    e.g. I commonly do something like CREATE POLICY select_admins ON topics FOR select USING (organization_id = any(current_user_admin_organization_ids()));
    This is very efficient (much more so than a join) because it only needs to look up the organization IDs once, and then it can use an index check on that.
    Ah. Thats what you did. Sorry; still catching up!
    matrixbot
    @matrixbot
    Nolan Got it. And just to confirm what I suspect, RLS policies can't block updates to specific columns, right? I.e. if I have an accepted field on attempt that everyone can see but only the recipient of the attempt can change, I should probably just define a custom mutation and @omit the field from the generated update mutation?
    Nolan Still trying to wrap my head around when it's best to use different tables vs. RLS vs. custom mutations/field definitions.
    Benjie Gillam
    @benjie
    Yeah; that's basically correct - RBAC deals with columns/tables, RLS deals with rows.
    I'm not sure what happens when you try to combine them (e.g. create role user_a; create_role user_b; grant user_a to postgraphile_user; grant user_b to postgraphile_user; grant update (a) on foo to user_a; grant update (b) on foo to user_b; create policy update_a on foo for update to user_a using(check_a()); create policy update_b on foo for update to user_b using(check_b());) - I've not tried this out yet.
    Nolan: do you receive edits? I edit alot; not sure if you're using IRC or whatever?
    matrixbot
    @matrixbot
    Nolan Using Matrix, it doesn't seem to edit the messages but I pop into the web interface and check them.
    Benjie Gillam
    @benjie
    :+1:
    Jesús Ángel Loredo Álvarez
    @loredo_alvarez_twitter
    Based on your experience, how do INDEXES let us build a better and performant API with Postgraphile?
    Benjie Gillam
    @benjie
    Uhhhh... Are you asking me how to optimise your database, or...?
    Jesús Ángel Loredo Álvarez
    @loredo_alvarez_twitter
    Yep!, I've been reading some comments here, and at some point, you mention something about PostgreSQL Indexes, those affect on some way the performance of the API?
    Benjie Gillam
    @benjie
    :@ Looks like Gitter lost my message :(
    Anyway; standard PostgreSQL optimisations apply.
    What works best for your database will likely be different from someone else’s
    It’s highly recommended you have the standard expected PostgreSQL indexes, like primary keys, unique indexes, indexes on foreign keys, indexes on things your RLS policies check (if appropriate). Don’t just sprinkle them everywhere though!
    If you need help optimising your DB specifically then I can help with that via my consultancy
    Jesús Ángel Loredo Álvarez
    @loredo_alvarez_twitter
    Thanks a lot, I'll check the basics you mention, if I need Something more DB specific I'll be definitely in contact with you :smile: :+1:
    Michael Kelly
    @mkellyclare
    Thanks for the help @benjie, added a plugin to lowercase the enum names and it did the trick. Here is the code for it if anyone is interested -
    // lowerCaseEnums.ts
    
    export function lowerCaseEnums(builder: any) {
      builder.hook('inflection', (inflection: any) => ({
        ...inflection,
        enumName(value: string) {
          return value.toLowerCase();
        }
      }));
    }
    
    // index.ts
    
    app.use(
      postgraphile(getDbPool(), 'schema_name', {
        appendPlugins: [lowerCaseEnums]  
      })
    );
    Benjie Gillam
    @benjie
    @jemgillam ^ snippet
    matrixbot
    @matrixbot
    Nolan How do I return a single row from a plpgsql function? return query wants me to use a setof, which I don't think I want. I'm trying to return the newly-mutated row in a custom update mutation.
    Jesús Ángel Loredo Álvarez
    @loredo_alvarez_twitter
    UPDATE schema.table SET fields_to_update RETURNING * INTO variable_to_return;
    And return that variable from PLPGSQL
    That's what I do
    Frank Sheiness
    @syndesis
    CREATE OR REPLACE FUNCTION myschema.return_one_foo (fooId integer) RETURNS myschema.foo AS $$
    DECLARE
    myFoo myschema.foo%ROWTYPE;
    BEGIN
     -- something that puts a row into myFoo
         RETURN myFoo;
    END;
    $$ LANGUAGE plpgsql;
    james-s-turner
    @james-s-turner
    I'm writing my own server to submit queries using withPostGraphileContext. I have got queries to work however when I try to do a mutation I get the following error:
    [ { error: ROLLBACK TO SAVEPOINT can only be used in transaction blocks at Connection.parseE (/XXXXXXXXX/react-postgraphile/react-postgraphile-front/node_modules/pg/lib/connection.js:553:11)
    james-s-turner
    @james-s-turner
    I have submitted the same mutation using both GraphiQL and the supplied CLI server and it works OK. I found this issue graphile/graphile-build#98 saying there might be a problems with library versions. My package.json is as follows:
        "pg": "^7.4.3",
        "pg-pool": "^2.0.3",
        "postgraphile": "^4.0.0-rc.2",
    Should I be using different versions?
    Aprendo Aprendo Aprendo Aprendo Aprendo.....
    @bichoraroTV_twitter
    Hi everyone! Can PostGraphile work well over a Kubernetes architecture?
    Kersten Lorenz
    @loxy
    I'm using PostGraphile on Kubernetes. No problems. But why should it not work?
    Benjie Gillam
    @benjie
    @james-s-turner The pgClient you pass must perform a transaction: it must issue a “begin” statement then wrap withPostGraphileContext call with a try/catch.
    Actually that’s not right. What it needs is to pass pgForceTransaction:true. I’m surprised I didn’t default that to true.
    I’m in France right now; could you file an issue telling me to default that option to true please?
    @loxy I don’t understand the question
    Aprendo Aprendo Aprendo Aprendo Aprendo.....
    @bichoraroTV_twitter
    @loxy this is my first time that I’m going into production and want to chose well.
    Kersten Lorenz
    @loxy
    Because it is no question. It's an answe to @bichoraroTV_twitter
    james-s-turner
    @james-s-turner
    @benjie thanks very much for the speedy reply :-) I'll give that a try
    @benjie will file issue when I have verified
    Benjie Gillam
    @benjie
    Ah, mobile gitter skipped that message. Sorry! Thanks for answering 👍
    Kersten Lorenz
    @loxy
    You're welcome
    james-s-turner
    @james-s-turner
    @benjie Just put some logging into withPostGraphileContext and it IS beginning the transaction!
    if (needTransaction) { console.log('BEGIN TRANSACTION'); await pgClient.query('begin'); }
    I can see 'BEGIN TRANSACTION' being logged to console. Possibly a race condition?
    Benjie Gillam
    @benjie
    Hmmm. I’m not sure then. Maybe you’re missing an await or similar and causing the transaction to commit before any queries run?