fix: rls policy to pull the right comments

bcgov · Jan 28, 2023 · ed59b7c · ed59b7c
1 parent 8b334d6
commit ed59b7c
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 8 deletions.
diff --git a/schema/deploy/policies/review_comment_policies.sql b/schema/deploy/policies/review_comment_policies.sql
@@ -3,10 +3,14 @@
 
 begin;
 
+-- Function that returns all application review step ids belonging to the current user
+-- so we can match the correct review comments
 create or replace function ggircs_portal_private.get_valid_review_comments()
 returns setof integer as
 $fn$
-  select a.id from ggircs_portal.application a
+  select ars.id from ggircs_portal.application_review_step ars
+    join ggircs_portal.application a
+      on ars.application_id = a.id
     join ggircs_portal.facility f
       on a.facility_id = f.id
     join ggircs_portal.ciip_user_organisation cuo
@@ -42,8 +46,8 @@ perform ggircs_portal_private.upsert_policy('ciip_analyst_update_review_comment'
 
 -- statement for select using & insert with check
 industry_user_statement := $$
-                             application_id in (select ggircs_portal_private.get_valid_review_comments())
-                             and comment_type in ('internal')
+                             application_review_step_id in (select ggircs_portal_private.get_valid_review_comments())
+                             and review_comment.comment_type in ('internal')
                            $$;
 
 -- ciip_industry_user RLS

diff --git a/schema/revert/policies/review_comment_policies.sql b/schema/revert/policies/review_comment_policies.sql
@@ -41,13 +41,10 @@ perform ggircs_portal_private.upsert_policy('ciip_analyst_insert_review_comment'
 perform ggircs_portal_private.upsert_policy('ciip_analyst_update_review_comment', 'review_comment', 'update', 'ciip_analyst', 'created_by=(select ggircs_portal_private.analyst_owns_comment())');
 
 -- statement for select using & insert with check
-industry_user_statement := $$
-                             application_id in (select ggircs_portal_private.get_valid_review_comments())
-                             and comment_type!='internal'
-                           $$;
 
 -- ciip_industry_user RLS
-perform ggircs_portal_private.upsert_policy('ciip_industry_user_select_review_comment', 'review_comment', 'select', 'ciip_industry_user', industry_user_statement);
+-- dropping a policy that was in a broken state before this migration, to satisfy the sqitch revert
+drop policy ciip_industry_user_select_review_comment on ggircs_portal.review_comment;
 
 end
 $policy$;