likwid/backend/migrations/20260128113000_moderation_ledger_delete_guard_fix.sql

-- Fix moderation ledger delete protection: missing allow_ledger_delete setting must default to false

CREATE OR REPLACE FUNCTION ledger_prevent_delete()
RETURNS TRIGGER AS $$
BEGIN
    -- Allow deletion only by superuser (for legal compliance like GDPR)
    IF NOT COALESCE(current_setting('likwid.allow_ledger_delete', true), 'false')::boolean THEN
        RAISE EXCEPTION 'Moderation ledger entries cannot be deleted. Set likwid.allow_ledger_delete = true for legal compliance deletions.';
    END IF;

    -- Log the deletion attempt
    INSERT INTO ledger_deletion_log (entry_id, deleted_by, reason)
    VALUES (OLD.id, current_user, current_setting('likwid.deletion_reason', true));

    RETURN OLD;
END;
$$ LANGUAGE plpgsql;
backend(migrations): demo seed fixes and deterministic IDs 2026-01-28 23:37:50 +00:00			`-- Fix moderation ledger delete protection: missing allow_ledger_delete setting must default to false`

			`CREATE OR REPLACE FUNCTION ledger_prevent_delete()`
			`RETURNS TRIGGER AS $$`
			`BEGIN`
			`-- Allow deletion only by superuser (for legal compliance like GDPR)`
			`IF NOT COALESCE(current_setting('likwid.allow_ledger_delete', true), 'false')::boolean THEN`
			`RAISE EXCEPTION 'Moderation ledger entries cannot be deleted. Set likwid.allow_ledger_delete = true for legal compliance deletions.';`
			`END IF;`

			`-- Log the deletion attempt`
			`INSERT INTO ledger_deletion_log (entry_id, deleted_by, reason)`
			`VALUES (OLD.id, current_user, current_setting('likwid.deletion_reason', true));`

			`RETURN OLD;`
			`END;`
			`$$ LANGUAGE plpgsql;`