RLS DSL - v0.1.0

    Variable policies (const)

    // Rendered signature of the `policies` constant: four template helpers that
    // return PolicyBuilder objects for common row-level security patterns.
    policies: {
        // Ownership policy: users can only access their own rows, matched through
        // userIdColumn. Returns one PolicyBuilder per requested operation.
        userOwned(
            table: string,
            operations?: PolicyOperation | PolicyOperation[],
            userIdColumn?: string,
        ): PolicyBuilder[];
        // Tenant isolation: a single RESTRICTIVE policy built from tenantColumn and
        // the session variable named by sessionKey.
        tenantIsolation(
            table: string,
            tenantColumn?: string,
            sessionKey?: string,
        ): PolicyBuilder;
        // Public read access: a SELECT policy for rows marked public in visibilityColumn.
        publicAccess(table: string, visibilityColumn?: string): PolicyBuilder;
        // Role-based access: policies granting access to users with the given role.
        // Returns one PolicyBuilder per requested operation.
        roleAccess(
            table: string,
            role: string,
            operations?: PolicyOperation | PolicyOperation[],
        ): PolicyBuilder[];
    } = ...

    Policy template helpers for common patterns

    Type Declaration

    • userOwned: function
      • User ownership policy - users can only access their own rows

        Parameters

        • table: string

          Table name

        • operations: PolicyOperation | PolicyOperation[] = "ALL"

          Operations to allow (default: ALL)

        • userIdColumn: string = "user_id"

          Column containing user ID (default: user_id)

        Returns PolicyBuilder[]

        Array of PolicyBuilder instances (one per operation)

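        // Allow all operations on the user's own documents
        const [policy] = policies.userOwned('documents');
        console.log(policy.toSQL());

        // Only allow SELECT and INSERT (one PolicyBuilder is returned per operation)
        const [selectPolicy, insertPolicy] = policies.userOwned(
            'documents',
            ['SELECT', 'INSERT']
        );

        // Custom user ID column. The binding has its own name so the listing does
        // not redeclare `policy` in the same scope.
        // Table and column names are passed as plain strings: keep them as constants
        // in code rather than values derived from request input.
        // NOTE(review): this page does not show whether the builder quotes identifiers - confirm.
        const [authorPolicy] = policies.userOwned('posts', 'ALL', 'author_id');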
    • tenantIsolation: function
      • Tenant isolation policy - users can only access rows from their tenant

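        Creates a RESTRICTIVE policy that enforces tenant isolation across all operations. If the generated SQL targets PostgreSQL row-level security, a RESTRICTIVE policy only narrows access that a permissive policy has already granted, so on a table with no permissive policy (for example one from userOwned) it leaves no rows accessible.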

        Parameters

        • table: string

          Table name

        • tenantColumn: string = "tenant_id"

          Column containing tenant ID (default: tenant_id)

        • sessionKey: string = "app.current_tenant_id"

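          Session variable key (default: app.current_tenant_id). The policy trusts whatever value this variable holds, so it should be set by trusted server-side code for each connection or transaction, never from unvalidated client input.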

        Returns PolicyBuilder

        A RESTRICTIVE PolicyBuilder instance

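        // Basic tenant isolation
        const policy = policies.tenantIsolation('documents');
        console.log(policy.toSQL());

        // Custom tenant column and session key. The binding has its own name so the
        // listing does not redeclare `policy` in the same scope.
        // Isolation is only as strong as the session variable: it has to be set by
        // trusted server-side code before any query runs.
        const orgPolicy = policies.tenantIsolation(
            'projects',
            'org_id',
            'app.current_org_id'
        );

        // Combine with other policies
        const tenantPolicy = policies.tenantIsolation('documents');
        const [userPolicy] = policies.userOwned('documents', 'SELECT');
        // Users see only their docs within their tenant: the RESTRICTIVE tenant
        // policy narrows whatever the ownership policy grants.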
    • publicAccess: function
      • Public access policy - anyone can read public rows

        Creates a SELECT policy that allows reading rows marked as public.

        Parameters

        • table: string

          Table name

        • visibilityColumn: string = "is_public"

          Column indicating public visibility (default: is_public)

        Returns PolicyBuilder

        A PolicyBuilder instance for SELECT operations

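        // Allow reading public documents
        const policy = policies.publicAccess('documents');
        console.log(policy.toSQL());

        // Custom visibility column. The binding has its own name so the listing
        // does not redeclare `policy` in the same scope.
        const publishedPolicy = policies.publicAccess('posts', 'published');

        // Combine with ownership policy
        const publicPolicy = policies.publicAccess('documents');
        const [ownerPolicy] = policies.userOwned('documents', 'SELECT');
        // Users can see public docs OR their own docs.
        // publicAccess only covers SELECT; who may set the visibility column is
        // decided by the table's write policies, so review those together with it.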
    • roleAccess: function
      • Role-based access policy - only specific roles can access

        Creates policies that grant access to users with a specific role.

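        Parameters

        • table: string

          Table name

        • role: string

          Role that is granted access (this page does not say whether it is a database role or an application-level role; confirm before relying on it)

        • operations: PolicyOperation | PolicyOperation[]

          Operations to allow (optional; the default is not shown on this page, though the first example below suggests ALL)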

        Returns PolicyBuilder[]

        Array of PolicyBuilder instances (one per operation)

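        // Admins can do everything
        const [policy] = policies.roleAccess('documents', 'admin');
        console.log(policy.toSQL());

        // Moderators can only read and update.
        // The result gets its own name: `const policies = policies.roleAccess(...)`
        // would shadow the helper object and throw a ReferenceError, because the new
        // binding is read before it is initialized.
        const moderatorPolicies = policies.roleAccess(
            'posts',
            'moderator',
            ['SELECT', 'UPDATE']
        );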