2026-04-01 00:58:42 +08:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
# CI guard: reject tenant-scoped SQL query files missing tenant_id filters.
|
|
|
|
|
# Usage: scripts/check_tenant_scope.sh
|
|
|
|
|
|
|
|
|
|
set -euo pipefail
|
|
|
|
|
|
|
|
|
|
QUERY_DIR="internal/tenant/repository/queries"
|
|
|
|
|
EXIT_CODE=0
|
|
|
|
|
|
|
|
|
|
for f in "$QUERY_DIR"/*.sql; do
|
|
|
|
|
# Skip files that don't need tenant_id (audit.sql has operator_id + tenant_id)
|
|
|
|
|
basename=$(basename "$f")
|
2026-04-17 08:10:45 +08:00
|
|
|
if [[ "$basename" == "audit.sql" ]] || [[ "$basename" == "kol_marketplace.sql" ]]; then
|
2026-04-01 00:58:42 +08:00
|
|
|
continue
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Check each named query block for tenant_id
|
|
|
|
|
while IFS= read -r line; do
|
|
|
|
|
if [[ "$line" =~ ^--\ name: ]]; then
|
|
|
|
|
query_name="${line#-- name: }"
|
|
|
|
|
query_name="${query_name%% *}"
|
|
|
|
|
fi
|
|
|
|
|
done < "$f"
|
|
|
|
|
|
|
|
|
|
# Simple check: file should contain tenant_id somewhere
|
|
|
|
|
if ! grep -q 'tenant_id' "$f"; then
|
|
|
|
|
echo "ERROR: $f is missing tenant_id filter"
|
|
|
|
|
EXIT_CODE=1
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
if [ "$EXIT_CODE" -eq 0 ]; then
|
|
|
|
|
echo "All query files contain tenant_id filters."
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
exit $EXIT_CODE
|