fix(ci): allow workspace-scoped desktop queries
CI / Frontend (push) Successful in 3m4s
CI / Deployment Config (push) Successful in 6s
CI / Backend (push) Successful in 13m33s

This commit is contained in:
2026-04-30 23:41:07 +08:00
parent 22163edbee
commit 25ffcefd22
+30 -5
View File
@@ -15,6 +15,12 @@ EXEMPT=(
"kol_usage.sql"
)
WORKSPACE_SCOPED=(
"desktop_account.sql"
"desktop_client.sql"
"desktop_task.sql"
)
is_exempt() {
local name="$1"
for e in "${EXEMPT[@]}"; do
@@ -25,16 +31,35 @@ is_exempt() {
return 1
}
is_workspace_scoped() {
local name="$1"
for e in "${WORKSPACE_SCOPED[@]}"; do
if [[ "$name" == "$e" ]]; then
return 0
fi
done
return 1
}
for f in "$QUERY_DIR"/*.sql; do
basename=$(basename "$f")
if is_exempt "$basename"; then
continue
fi
# Must contain at least one tenant_id = sqlc.arg(...) or sqlc.narg(...) filter.
if ! grep -Eq 'tenant_id[[:space:]]*=[[:space:]]*sqlc\.(n?arg)\(' "$f"; then
echo "ERROR: $f must filter on tenant_id = sqlc.(n?arg)(...)"
EXIT_CODE=1
if is_workspace_scoped "$basename"; then
# Desktop queries are scoped by workspace plus client/account identity.
# Keep this list explicit so new query files still need tenant_id checks.
if ! grep -Eq 'workspace_id[[:space:]]*=[[:space:]]*sqlc\.(n?arg)\(workspace_id\)' "$f"; then
echo "ERROR: $f is workspace-scoped but missing workspace_id = sqlc.(n?arg)(workspace_id)"
EXIT_CODE=1
fi
else
# Must contain at least one tenant_id = sqlc.arg(...) or sqlc.narg(...) filter.
if ! grep -Eq 'tenant_id[[:space:]]*=[[:space:]]*sqlc\.(n?arg)\(' "$f"; then
echo "ERROR: $f must filter on tenant_id = sqlc.(n?arg)(...)"
EXIT_CODE=1
fi
fi
# Reject cosmetic "tenant_id IS NOT NULL" that bypasses actor scoping.
@@ -45,7 +70,7 @@ for f in "$QUERY_DIR"/*.sql; do
done
if [ "$EXIT_CODE" -eq 0 ]; then
echo "All non-exempt query files contain tenant_id = sqlc.arg filters."
echo "All non-exempt query files contain tenant_id or approved workspace_id scope filters."
fi
exit $EXIT_CODE