-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(database): Add trigger to set impersonation on first user #9195
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PR Summary
Adds a PostgreSQL trigger to automatically grant impersonation privileges to the first user created in the system, with self-cleanup functionality after initial user creation.
- Added trigger
insert_user_trigger
inpackages/twenty-server/src/database/typeorm/core/migrations/common/1734950137596-add-trigger-to-update-can-impersonate-on-first-user.ts
that setscanImpersonate=true
for first user - Potential race condition identified: concurrent user inserts could result in multiple users getting impersonation rights due to non-atomic check
- Implemented self-cleanup via
delete_first_user_trigger()
function that removes the trigger after first user creation - Migration includes complete rollback functionality to remove trigger and associated functions
1 file(s) reviewed, 3 comment(s)
Edit PR Review Bot Settings | Greptile
.../core/migrations/common/1734950137596-add-trigger-to-update-can-impersonate-on-first-user.ts
Outdated
Show resolved
Hide resolved
.../core/migrations/common/1734950137596-add-trigger-to-update-can-impersonate-on-first-user.ts
Outdated
Show resolved
Hide resolved
.../core/migrations/common/1734950137596-add-trigger-to-update-can-impersonate-on-first-user.ts
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! As discussed in DM I think it would be best to avoid using Triggers which are hard to monitor and not a pattern we use
Introduced a trigger to automatically set `canImpersonate` to true for the first user inserted into the `core.user` table. The trigger is removed after the first user is added to ensure this behavior only applies to the initial user. Includes both the creation and rollback logic for the migration.
Removed the database trigger for setting `canImpersonate` for the first user and implemented the logic directly in the `sign-in-up.service`. This simplifies the code by handling the first user creation within the application layer, ensuring better maintainability.
3ce581b
to
1b9aa15
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great!
Thanks @AMoreaux for your contribution! |
Introduced a trigger to automatically set
canImpersonate
to true for the first user inserted into thecore.user
table. The trigger is removed after the first user is added to ensure this behavior only applies to the initial user. Includes both the creation and rollback logic for the migration.Close #9173