From d03da4f40ad4be098ef9e1532d4a313f7d8b4732 Mon Sep 17 00:00:00 2001 From: Marc Scholten Date: Wed, 29 Dec 2021 09:34:34 +0100 Subject: [PATCH] Fixed AutoRefresh crashing when database triggers are set up from the ihp_authenticated role The ihp_authenticated role typically doesn't have permissions to set up triggers. This caused the first AutoRefresh call to a table to fail if row level security policies have been used and IHP tried to call the database from the ihp_authenticated role. --- IHP/AutoRefresh.hs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/IHP/AutoRefresh.hs b/IHP/AutoRefresh.hs index 867d4d4e7..c7f0c0ccd 100644 --- a/IHP/AutoRefresh.hs +++ b/IHP/AutoRefresh.hs @@ -162,7 +162,11 @@ registerNotificationTrigger touchedTablesVar autoRefreshServer = do pgListener <- get #pgListener <$> readIORef autoRefreshServer subscriptions <- subscriptionRequired |> mapM (\table -> do let createTriggerSql = notificationTrigger table - sqlExec createTriggerSql () + + -- We need to add the trigger from the main IHP database role other we will get this error: + -- ERROR: permission denied for schema public + withRowLevelSecurityDisabled do + sqlExec createTriggerSql () pgListener |> PGListener.subscribe (channelName table) \notification -> do sessions <- (get #sessions) <$> readIORef autoRefreshServer