chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: clarify step_library RLS comment; remove unused sqlalchemy import

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
chihlasm
2026-04-10 06:57:41 +00:00
parent 87fac02e9b
commit 5bd331ca92
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
backend/alembic/versions/70a5dd746e83_enable_rls_phase2.py
View File

@@ -20,8 +20,6 @@ Create Date: 2026-04-10 06:54:49.431817
from typing import Sequence, Union from typing import Sequence, Union
from alembic import op from alembic import op
import sqlalchemy as sa
# revision identifiers, used by Alembic. # revision identifiers, used by Alembic.
revision: str = '70a5dd746e83' revision: str = '70a5dd746e83'
@@ -41,8 +39,11 @@ _CURRENT_ACCOUNT = (
_STANDARD_USING = f"account_id = {_CURRENT_ACCOUNT}" _STANDARD_USING = f"account_id = {_CURRENT_ACCOUNT}"
# Visibility-aware policy for step_library — public steps (visibility='public') # Visibility-aware policy for step_library — public steps (visibility='public')
# must be visible to ALL tenants regardless of account_id, mirroring # must be visible to ALL tenants regardless of account_id. This covers the
# build_step_visibility_filter() in app/core/filters.py. # visibility='public' arm of build_step_visibility_filter() in app/core/filters.py.
# The created_by arm (private steps visible to their author) is covered
# transitively: private steps share account_id with their creator, so the
# account_id match handles it. This relies on account_id NOT NULL on step_library.
_STEP_LIBRARY_USING = f"account_id = {_CURRENT_ACCOUNT} OR visibility = 'public'" _STEP_LIBRARY_USING = f"account_id = {_CURRENT_ACCOUNT} OR visibility = 'public'"
# Standard tables: strict tenant isolation, no cross-tenant visibility. # Standard tables: strict tenant isolation, no cross-tenant visibility.