cazzer
/ machine.js
Last active
April 15, 2020 21:47
Generated by XState Viz: https://xstate.js.org/viz
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| async function authorizeCharge() { | |
| return true | |
| } | |
| const canAddCharge = (context) => { | |
| return context.batteryLevel < context.batteryCapacity | |
| } | |
| const cantAddCharge = (context) => { | |
| return context.batteryLevel === context.batteryCapacity |
cazzer
/ thing-permission-policy-rls.sql
Created
December 6, 2018 21:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| create role application_user; | |
| grant all on all table in schema public to application_user; | |
| create policy thing_owner | |
| on things | |
| as permissive | |
| for all | |
| to application_user | |
| using ( | |
| exists( |
cazzer
/ thing-permission-rls-trigger.sql
Created
December 6, 2018 21:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| create or replace function insert_permission() | |
| returns trigger | |
| as $$ | |
| begin | |
| insert into permissions (item_id, user_or_group_id, role) values ( | |
| new.id, | |
| current_setting('user_id')::uuid[] | |
| ); | |
| return new; | |
| end |
cazzer
/ postgraphile-lambda.js
Last active
November 12, 2018 00:52
A Lambda which serves GraphQL requests using Postgraphile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import get from 'lodash/get' | |
| import { graphql } from 'graphql' | |
| import Pool from 'pg-pool' | |
| import { | |
| createPostGraphileSchema, | |
| withPostGraphileContext | |
| } from 'postgraphile' | |
| import config from './config' |
cazzer
/ rls-performance-view-view.sql
Last active
August 2, 2018 05:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| create view items_view | |
| with (security_barrier) | |
| as | |
| select items.* | |
| from items | |
| join permissions on item_id = items.id | |
| and user_or_group_id = | |
| any(regexp_split_to_array(current_setting('jwt.claims.roles'), ',')::uuid[]); |
cazzer
/ rls-performance-table-policy.sql
Last active
July 28, 2018 00:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| create policy item_owner | |
| on items | |
| as permissive | |
| for all | |
| to application_user | |
| using ( | |
| items.public = true | |
| or exists( | |
| select item_id | |
| from permissions |
cazzer
/ rls-performance-table-table.sql
Last active
August 2, 2018 05:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| create table if not exists users_and_groups ( | |
| id uuid default uuid_generate_v4() not null primary key, | |
| name text not null | |
| ); | |
| -- e.g. ('eac6...f6c9', 'alice') or ('0fdc...947f', 'E Corp') | |
| create table if not exists items ( | |
| id uuid default uuid_generate_v4() not null primary key, | |
| value text, | |
| public boolean default false |
cazzer
/ rls-performance-column-policy.sql
Last active
August 2, 2018 05:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| create policy item_owner | |
| on items | |
| as permissive | |
| for all | |
| to application_user | |
| using ( | |
| items.acl_read && regexp_split_to_array(current_setting('jwt.claims.roles'), ',')::uuid[] | |
| or items.acl_write && regexp_split_to_array(current_setting('jwt.claims.roles'), ',')::uuid[] | |
| ) | |
| with check ( |
cazzer
/ rls-performance-column-table.sql
Last active
August 2, 2018 05:59
Table schema for the column version of RLS performant applications.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| create table if not exists items ( | |
| id uuid default uuid_generate_v4() not null primary key, | |
| value text, | |
| acl_read uuid[] default array[]::uuid[], | |
| acl_write uuid[] default array[]::uuid[] | |
| ); | |
| -- e.g. ('f386...5e99', 'I row and therefore I am', {'eac6...f6c9'}, {'0fdc...947f'}) | |
| create index read_permissions_index on items using gin(acl_read); | |
| create index write_permissions_index on items using gin(acl_write); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ==UserScript== | |
| // @name No Alerts | |
| // @namespace http://tampermonkey.net/ | |
| // @version 0.1 | |
| // @description try to take over the world! | |
| // @author You | |
| // @match *://*/* | |
| // @grant none | |
| // ==/UserScript== |
NewerOlder