From 9540d9ccb9d067a75b6fb7f6b94a76b633169673 Mon Sep 17 00:00:00 2001
From: filipriec
Date: Tue, 3 Jun 2025 18:46:57 +0200
Subject: [PATCH] table definitions are now forbidden for user to allocated rust autoallocated table columns
---
 .../handlers/post_table_definition.rs | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/server/src/table_definition/handlers/post_table_definition.rs b/server/src/table_definition/handlers/post_table_definition.rs
index 75387a4..393c280 100644
--- a/server/src/table_definition/handlers/post_table_definition.rs
+++ b/server/src/table_definition/handlers/post_table_definition.rs
@@ -45,6 +45,13 @@ fn map_field_type(field_type: &str) -> Result<&str, Status> {
 .ok_or_else(|| Status::invalid_argument(format!("Invalid field type: {}", field_type)))
 }
+fn is_invalid_table_name(table_name: &str) -> bool {
+ table_name.ends_with("_id") ||
+ table_name == "id" ||
+ table_name == "deleted" ||
+ table_name == "created_at"
+}
+
 pub async fn post_table_definition(
 db_pool: &PgPool,
 request: PostTableDefinitionRequest,
@@ -55,6 +62,13 @@ pub async fn post_table_definition(
 .trim_matches('_')
 .to_lowercase();
+ // New validation check
+ if is_invalid_table_name(&user_part_cleaned) {
+ return Err(Status::invalid_argument(
+ "Table name cannot be 'id', 'deleted', 'created_at' or end with '_id'"
+ ));
+ }
+
 if !user_part_cleaned.is_empty() && !is_valid_identifier(&user_part_cleaned) {
 return Err(Status::invalid_argument("Invalid table name"));
 } else if user_part_cleaned.is_empty() {
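Review bot: `is_invalid_table_name` in the first hunk has no doc comment saying why these four patterns are rejected, and its name reads like the inverse of the existing `is_valid_identifier` although it tests something much narrower. Going by the commit subject these are names the server allocates itself, so a comment such as `/// True for names the server generates itself: id, deleted, created_at, or anything ending in _id.` and a name like `is_reserved_name` would make the intent clear. The comparison is exact and case-sensitive, so it depends on the caller lowercasing the input first, as the call in the second hunk does; that precondition belongs in the same comment.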
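Review bot: The new guard in the second hunk tests `user_part_cleaned`, which is the table name, while the commit subject speaks of auto-allocated columns; nothing in this hunk checks the column names carried in `request`. post_table_definition continues outside the hunk, so a column check may already exist further down. If it does not, the same predicate should run on every requested column name before the definition is processed further, otherwise a user-supplied `id` or `created_at` column could still collide with the generated ones. Separately, `// New validation check` will be stale once merged; a why-comment such as `// Reject names reserved for server-generated columns` ages better.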