feat(database): Add trigger to set impersonation on first user #9195
+18
−12
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Summary
Adds a PostgreSQL trigger to automatically grant impersonation privileges to the first user created in the system, with self-cleanup functionality after initial user creation.
- Added trigger
insert_user_triggerinpackages/twenty-server/src/database/typeorm/core/migrations/common/1734950137596-add-trigger-to-update-can-impersonate-on-first-user.tsthat setscanImpersonate=truefor first user - Potential race condition identified: concurrent user inserts could result in multiple users getting impersonation rights due to non-atomic check
- Implemented self-cleanup via
delete_first_user_trigger()function that removes the trigger after first user creation - Migration includes complete rollback functionality to remove trigger and associated functions
1 file(s) reviewed, 3 comment(s)
Edit PR Review Bot Settings | Greptile
.../core/migrations/common/1734950137596-add-trigger-to-update-can-impersonate-on-first-user.ts
Outdated
Show resolved
Hide resolved
.../core/migrations/common/1734950137596-add-trigger-to-update-can-impersonate-on-first-user.ts
Outdated
Show resolved
Hide resolved
.../core/migrations/common/1734950137596-add-trigger-to-update-can-impersonate-on-first-user.ts
Outdated
Show resolved
Hide resolved
Introduced a trigger to automatically set `canImpersonate` to true for the first user inserted into the `core.user` table. The trigger is removed after the first user is added to ensure this behavior only applies to the initial user. Includes both the creation and rollback logic for the migration.
Removed the database trigger for setting `canImpersonate` for the first user and implemented the logic directly in the `sign-in-up.service`. This simplifies the code by handling the first user creation within the application layer, ensuring better maintainability.
AMoreaux
force-pushed
the
feat/can-impersonate-to-true-for-first-user
branch
from
3ce581b to
1b9aa15
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Introduced a trigger to automatically set
canImpersonateto true for the first user inserted into thecore.usertable. The trigger is removed after the first user is added to ensure this behavior only applies to the initial user. Includes both the creation and rollback logic for the migration.Close #9173