ClassroomCopilot/supabase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
supabase/volumes/db/cc/75-files-gc-protect-delete.sql
Hermes cc-worker 75a0779a3a
Some checks failed
supabase-ci / validate (push) Has been cancelled
Details
fix(files): allow GC through storage protect_delete 
(cherry picked from commit a6eff7ad124c94c75751c77a499433b562911b7b)
2026-06-08 01:17:01 +00:00

52 lines
2.1 KiB
PL/PgSQL
Raw Blame History

-- Allow our file-GC helpers to satisfy Supabase storage.protect_delete
-- without weakening the managed storage trigger for arbitrary raw deletes.
--
-- Supabase storage.protect_delete permits direct storage.objects deletes only
-- when the transaction-local GUC storage.allow_delete_query is 'true'. The
-- Storage API sets that GUC for its own deletes. public.files GC is our
-- trigger-side cleanup path, so scope the same GUC to these SECURITY DEFINER
-- helpers immediately before their storage.objects DELETE statements.
create or replace function public._delete_storage_objects(p_bucket text, p_path text)
returns void
language plpgsql security definer
set search_path to 'public', 'storage'
as $$
begin
if p_bucket is null or p_path is null then
return;
end if;
perform set_config('storage.allow_delete_query', 'true', true);
delete from storage.objects where bucket_id = p_bucket and name = p_path;
delete from storage.objects where bucket_id = p_bucket and name like p_path || '/%';
end
$$;
create or replace function public._delete_storage_prefix(p_bucket text, p_prefix text)
returns void
language plpgsql security definer
set search_path to 'public', 'storage'
as $$
begin
if p_bucket is null or p_prefix is null then
return;
end if;
perform set_config('storage.allow_delete_query', 'true', true);
-- Delete any objects whose name starts with the prefix + '/'
delete from storage.objects where bucket_id = p_bucket and name like p_prefix || '/%';
-- In case an object exists exactly at the prefix (rare but safe)
delete from storage.objects where bucket_id = p_bucket and name = p_prefix;
end
$$;
-- These helpers are intended for our SECURITY DEFINER GC triggers/helpers, not
-- as a general SQL delete API for application roles.
revoke all on function public._delete_storage_objects(text, text) from public;
revoke all on function public._delete_storage_prefix(text, text) from public;
revoke all on function public._delete_storage_objects(text, text) from anon, authenticated;
revoke all on function public._delete_storage_prefix(text, text) from anon, authenticated;
Reference in New Issue View Git Blame Copy Permalink