thohlt/archtika
1
0
Fork 0
mirror of https://github.com/thiloho/archtika.git synced 2025-11-22 10:51:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add administrator role plus manage dashboard and cleanup database migrations

Browse Source
This commit is contained in:
thiloho
2024-10-08 21:20:44 +02:00
parent c4f1bff2a9
commit 1b74e1e6fb
23 changed files with 625 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
rest-api/db/migrations/20240720074103_user_management_roles_jwt.sql
View File

@@ -13,9 +13,9 @@ BEGIN
FROM
pg_roles AS r
WHERE
r.rolname = NEW.role)) THEN
r.rolname = NEW.user_role)) THEN
RAISE foreign_key_violation
USING message = 'Unknown database role: ' || NEW.role;
USING message = 'Unknown database role: ' || NEW.user_role;
END IF;
RETURN NULL;
END
@@ -48,7 +48,7 @@ CREATE FUNCTION internal.user_role (username TEXT, pass TEXT, OUT role_name NAME
AS $$
BEGIN
SELECT
u.role INTO role_name
u.user_role INTO role_name
FROM
internal.user AS u
WHERE
@@ -96,8 +96,17 @@ BEGIN
RAISE invalid_parameter_value
USING message = 'Password must contain at least one special character';
ELSE
INSERT INTO internal.user (username, password_hash)
VALUES (register.username, register.pass)
INSERT INTO internal.user (username, password_hash, user_role)
SELECT
register.username,
register.pass,
CASE WHEN COUNT(*) = 0 THEN
'administrator'
ELSE
'authenticated_user'
END
FROM
internal.user
RETURNING
id INTO user_id;
END IF;
@@ -111,7 +120,7 @@ AS $$
DECLARE
_role NAME;
_user_id UUID;
_exp INTEGER := EXTRACT(EPOCH FROM CLOCK_TIMESTAMP())::INTEGER + 86400;
_exp INT := EXTRACT(EPOCH FROM CLOCK_TIMESTAMP())::INT + 86400;
BEGIN
SELECT
internal.user_role (login.username, login.pass) INTO _role;
@@ -154,28 +163,28 @@ $$
LANGUAGE plpgsql
SECURITY DEFINER;
GRANT EXECUTE ON FUNCTION api.register (TEXT, TEXT) TO anon;
GRANT EXECUTE ON FUNCTION api.register TO anon;
GRANT EXECUTE ON FUNCTION api.login (TEXT, TEXT) TO anon;
GRANT EXECUTE ON FUNCTION api.login TO anon;
GRANT EXECUTE ON FUNCTION api.delete_account (TEXT) TO authenticated_user;
GRANT EXECUTE ON FUNCTION api.delete_account TO authenticated_user;
-- migrate:down
DROP TRIGGER encrypt_pass ON internal.user;
DROP TRIGGER ensure_user_role_exists ON internal.user;
DROP FUNCTION api.register (TEXT, TEXT);
DROP FUNCTION api.register;
DROP FUNCTION api.login (TEXT, TEXT);
DROP FUNCTION api.login;
DROP FUNCTION api.delete_account (TEXT);
DROP FUNCTION api.delete_account;
DROP FUNCTION internal.user_role (TEXT, TEXT);
DROP FUNCTION internal.user_role;
DROP FUNCTION internal.encrypt_pass ();
DROP FUNCTION internal.encrypt_pass;
DROP FUNCTION internal.check_role_exists ();
DROP FUNCTION internal.check_role_exists;
DROP EXTENSION pgjwt;