Class PolicyBuilder

Policy builder class implementing fluent API

Index

Constructors

Methods

on for read write update delete all to when withCheck allow restrictive permissive requireAll allowAny description toDefinition toSQL

Constructors

constructor

new PolicyBuilder(name?: string): PolicyBuilder
Parameters
- Optionalname: string
Returns PolicyBuilder
- Defined in ../home/runner/work/ts-to-rls/ts-to-rls/src/policy-builder.ts:296

Methods

on

on(table: string): this
Specify the table for this policy
Parameters
- table: string
Returns this
- Defined in ../home/runner/work/ts-to-rls/ts-to-rls/src/policy-builder.ts:305

for

for(operation: PolicyOperation): this
Specify the operation(s) this policy applies to
Parameters
- operation: PolicyOperation
Returns this
- Defined in ../home/runner/work/ts-to-rls/ts-to-rls/src/policy-builder.ts:313

read

read(): this
User-focused alias for .for("SELECT") - allows reading rows

Returns this
Example
```
policy('view_docs')
  .on('documents')
  .read()
  .when(column('user_id').isOwner());
```
- Defined in ../home/runner/work/ts-to-rls/ts-to-rls/src/policy-builder.ts:329

write

write(): this
User-focused alias for .for("INSERT") - allows creating rows

Returns this
Example
```
policy('create_docs')
  .on('documents')
  .write()
  .withCheck(column('user_id').isOwner());
```
- Defined in ../home/runner/work/ts-to-rls/ts-to-rls/src/policy-builder.ts:344

update

update(): this
User-focused alias for .for("UPDATE") - allows updating rows

Returns this
Example
```
policy('update_docs')
  .on('documents')
  .update()
  .when(column('user_id').isOwner())
  .withCheck(column('user_id').isOwner());
```
- Defined in ../home/runner/work/ts-to-rls/ts-to-rls/src/policy-builder.ts:360

delete

delete(): this
User-focused alias for .for("DELETE") - allows deleting rows

Returns this
Example
```
policy('delete_docs')
  .on('documents')
  .delete()
  .when(column('user_id').isOwner());
```
- Defined in ../home/runner/work/ts-to-rls/ts-to-rls/src/policy-builder.ts:375

all

all(): this
User-focused alias for .for("ALL") - allows all operations

Returns this
Example
```
policy('full_access')
  .on('documents')
  .all()
  .when(column('user_id').isOwner());
```
- Defined in ../home/runner/work/ts-to-rls/ts-to-rls/src/policy-builder.ts:390

to

to(role: string): this
Specify the role this policy applies to
Parameters
- role: string
Returns this
- Defined in ../home/runner/work/ts-to-rls/ts-to-rls/src/policy-builder.ts:397

when

when(condition: Condition | ConditionChain): this

Set the USING clause (read filter)

Determines which existing rows can be seen/modified by the current user.

Parameters

condition: Condition | ConditionChain

Returns this

Example

// Users can only see their own documents
policy('view_own_docs')
  .on('documents')
  .read()
  .when(column('user_id').isOwner());

// Complex condition with OR
policy('view_docs')
  .on('documents')
  .read()
  .when(
    column('user_id').isOwner()
      .or(column('is_public').eq(true))
  );

withCheck

withCheck(condition: Condition | ConditionChain): this

Set the WITH CHECK clause (write validation)

Validates that new/modified rows meet the specified condition.

Parameters

condition: Condition | ConditionChain

Returns this

Example

// Prevent users from creating documents for other users
policy('create_docs')
  .on('documents')
  .write()
  .withCheck(column('user_id').isOwner());

// For UPDATE, use both when() and withCheck()
policy('update_docs')
  .on('documents')
  .update()
  .when(column('user_id').isOwner())  // Can only update own docs
  .withCheck(column('user_id').isOwner());  // Can't change ownership

allow

allow(condition: Condition | ConditionChain): this
Type-safe method to set the appropriate clause(s) based on the operation.
- SELECT/DELETE: sets USING clause (read filter)
- INSERT: sets WITH CHECK clause (write validation)
- UPDATE/ALL: sets both USING and WITH CHECK clauses (same condition)
Parameters
- condition: Condition | ConditionChain
Returns this
Example
```
// For SELECT - sets USING only
policy('read_docs')
  .on('documents')
  .read()
  .allow(column('user_id').isOwner());

// For INSERT - sets WITH CHECK only
policy('create_docs')
  .on('documents')
  .write()
  .allow(column('user_id').isOwner());

// For UPDATE - sets both USING and WITH CHECK
policy('update_docs')
  .on('documents')
  .update()
  .allow(column('user_id').isOwner());
```
- Defined in ../home/runner/work/ts-to-rls/ts-to-rls/src/policy-builder.ts:483

restrictive

restrictive(): this
Set policy as RESTRICTIVE

Returns this
- Defined in ../home/runner/work/ts-to-rls/ts-to-rls/src/policy-builder.ts:512

permissive

permissive(): this
Set policy as PERMISSIVE (default)

Returns this
- Defined in ../home/runner/work/ts-to-rls/ts-to-rls/src/policy-builder.ts:520

requireAll

requireAll(): this

User-focused alias for .restrictive() - all policies must pass

Makes this policy RESTRICTIVE, meaning it must pass in addition to other policies. Useful for adding constraints that apply to all operations (e.g., tenant isolation).

Returns this

Example

// Tenant isolation that restricts all other policies
policy('tenant_isolation')
  .on('documents')
  .all()
  .requireAll()  // This policy AND other policies must pass
  .when(column('tenant_id').belongsToTenant());

// Now add a permissive policy for user access
policy('user_access')
  .on('documents')
  .read()
  .when(column('user_id').isOwner());
// Users can only see their own docs within their tenant

allowAny

allowAny(): this

User-focused alias for .permissive() - any policy can grant access

Makes this policy PERMISSIVE (default), meaning if this policy passes, access is granted (unless blocked by a RESTRICTIVE policy).

Returns this

Example

// Multiple ways to access documents
policy('owner_access')
  .on('documents')
  .read()
  .allowAny()  // Explicit, but this is the default
  .when(column('user_id').isOwner());

policy('public_access')
  .on('documents')
  .read()
  .when(column('is_public').eq(true));
// User can see a document if EITHER policy passes

description

description(text: string): this
Add description/documentation
Parameters
- text: string
Returns this
- Defined in ../home/runner/work/ts-to-rls/ts-to-rls/src/policy-builder.ts:581

toDefinition

toDefinition(): PolicyDefinition
Get the policy definition

Returns PolicyDefinition
- Defined in ../home/runner/work/ts-to-rls/ts-to-rls/src/policy-builder.ts:610

toSQL

toSQL(options?: SQLGenerationOptions): string
Generate SQL for this policy Matches PostgreSQL CREATE POLICY syntax: CREATE POLICY name ON table [AS PERMISSIVE|RESTRICTIVE] [FOR operation] [TO role] [USING ...] [WITH CHECK ...]
Parameters
- Optionaloptions: SQLGenerationOptions
  Options for SQL generation (e.g., includeIndexes)
Returns string
- Defined in ../home/runner/work/ts-to-rls/ts-to-rls/src/policy-builder.ts:641

Class PolicyBuilder

Index

Constructors

Methods

Constructors

constructor

Parameters

Returns PolicyBuilder

Methods

on

Parameters

Returns this

for

Parameters

Returns this

read

Returns this

Example

write

Returns this

Example

update

Returns this

Example

delete

Returns this

Example

all

Returns this

Example

to

Parameters

Returns this

when

Parameters

Returns this

Example

withCheck

Parameters

Returns this

Example

allow

Parameters

Returns this

Example

restrictive

Returns this

permissive

Returns this

requireAll

Returns this

Example

allowAny

Returns this

Example

description

Parameters

Returns this

toDefinition

Returns PolicyDefinition

toSQL

Parameters

Returns string

Settings

On This Page