From 75aac7b1bcf212d20f968a26c7911a7cee9bfddc Mon Sep 17 00:00:00 2001
From: thiloho <123883702+thiloho@users.noreply.github.com>
Date: Wed, 7 Aug 2024 16:25:05 +0200
Subject: [PATCH] Add user id field to article table

---
 .../migrations/20240719071602_main_tables.sql | 7 +--
 ...20240720132802_exposed_views_functions.sql | 10 ++--
 .../20240724191017_row_level_security.sql | 53 +++++++++++++++++-
 .../20240805151318_rls_collab_table.sql | 54 -------------------
 .../[websiteId]/articles/+page.server.ts | 3 +-
 5 files changed, 65 insertions(+), 62 deletions(-)
 delete mode 100644 rest-api/db/migrations/20240805151318_rls_collab_table.sql

diff --git a/rest-api/db/migrations/20240719071602_main_tables.sql b/rest-api/db/migrations/20240719071602_main_tables.sql
index 3d45994..67cc7f5 100644
--- a/rest-api/db/migrations/20240719071602_main_tables.sql
+++ b/rest-api/db/migrations/20240719071602_main_tables.sql
@@ -71,12 +71,13 @@ CREATE TABLE internal.home (
 CREATE TABLE internal.article (
 id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
 website_id UUID REFERENCES internal.website(id) ON DELETE CASCADE NOT NULL,
+ user_id UUID REFERENCES internal.user(id) ON DELETE SET NULL,
 title VARCHAR(100) NOT NULL CHECK (trim(title) <> ''),
- meta_description VARCHAR(250) NOT NULL CHECK (trim(meta_description) <> ''),
- meta_author VARCHAR(100) NOT NULL CHECK (trim(meta_author) <> ''),
+ meta_description VARCHAR(250) CHECK (trim(meta_description) <> ''),
+ meta_author VARCHAR(100) CHECK (trim(meta_author) <> ''),
 cover_image UUID REFERENCES internal.media(id) ON DELETE SET NULL,
 publication_date DATE NOT NULL DEFAULT CURRENT_DATE,
- main_content TEXT NOT NULL CHECK (trim(main_content) <> ''),
+ main_content TEXT CHECK (trim(main_content) <> ''),
 created_at TIMESTAMPTZ NOT NULL DEFAULT CLOCK_TIMESTAMP(),
 last_modified_at TIMESTAMPTZ NOT NULL DEFAULT CLOCK_TIMESTAMP(),
 last_modified_by UUID REFERENCES internal.user(id) ON DELETE SET NULL
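Review bot: The new `user_id` column and the removed `NOT NULL` on `meta_description`, `meta_author` and `main_content` are edited into the already-timestamped `20240719071602_main_tables.sql`, so on any database that has already applied that version (the `-- migrate:up` / `-- migrate:down` markers suggest a dbmate-style runner that skips applied files) the column will simply not exist; if such databases exist, the change belongs in a new migration as `ALTER TABLE internal.article ADD COLUMN user_id UUID REFERENCES internal.user(id) ON DELETE SET NULL;` plus matching `ALTER COLUMN ... DROP NOT NULL` statements. The same concern applies to the in-place edits of `20240724191017_row_level_security.sql` and the deletion of `20240805151318_rls_collab_table.sql` later in this patch. Because `user_id` is nullable and reset to NULL when the author is deleted, an authorless article is now a legal row, which deserves a one-line comment on the column, `-- NULL once the authoring user is deleted; not an ownership key`, so later policy work does not assume it is always set. The closing `);` of the `CREATE TABLE internal.article` statement lies outside the hunk.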
diff --git a/rest-api/db/migrations/20240720132802_exposed_views_functions.sql b/rest-api/db/migrations/20240720132802_exposed_views_functions.sql
index 78953bf..3145115 100644
--- a/rest-api/db/migrations/20240720132802_exposed_views_functions.sql
+++ b/rest-api/db/migrations/20240720132802_exposed_views_functions.sql
@@ -77,6 +77,7 @@ AS
 SELECT
 id,
 website_id,
+ user_id,
 title,
 meta_description,
 meta_author,
@@ -126,7 +127,10 @@ CREATE FUNCTION api.create_website(content_type VARCHAR(10), title VARCHAR(50), OUT website_id UUID)
 AS $$
 DECLARE
 _website_id UUID;
+ _user_id UUID;
 BEGIN
+ _user_id := (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID;
+
 INSERT INTO internal.website (content_type, title)
 VALUES (create_website.content_type, create_website.title)
 RETURNING id INTO _website_id;
@@ -141,10 +145,10 @@ BEGIN
 VALUES
 (_website_id, '## Main content comes in here');
 
- INSERT INTO internal.article (website_id, title, meta_description, meta_author, main_content)
+ INSERT INTO internal.article (website_id, user_id, title, meta_description, meta_author, main_content)
 VALUES
- (_website_id, 'First article', 'This is the first sample article', 'Author Name', '## First article'),
- (_website_id, 'Second article', 'This is the second sample article', 'Author Name', '## Second article');
+ (_website_id, _user_id, 'First article', 'This is the first sample article', 'Author Name', '## First article'),
+ (_website_id, _user_id, 'Second article', 'This is the second sample article', 'Author Name', '## Second article');
 
 INSERT INTO internal.footer (website_id, additional_text)
 VALUES (_website_id, 'This website was created with archtika');
diff --git a/rest-api/db/migrations/20240724191017_row_level_security.sql b/rest-api/db/migrations/20240724191017_row_level_security.sql
index 107200c..4599f47 100644
--- a/rest-api/db/migrations/20240724191017_row_level_security.sql
+++ b/rest-api/db/migrations/20240724191017_row_level_security.sql
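Review bot: In `create_website`, `_user_id := (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID;` passes `missing_ok = true`, so a call without the setting, or with claims lacking a `user_id` key, yields NULL instead of an error, and because `internal.article.user_id` is nullable the two sample articles inserted in the following hunk then silently get no author. A guard directly after the assignment, `IF _user_id IS NULL THEN RAISE EXCEPTION 'request.jwt.claims has no user_id'; END IF;`, turns that into a visible failure; how much it matters depends on whether the function is reachable through a role whose requests are not guaranteed to carry the claim, which this diff does not show. The `internal.website` insert two lines below still receives no `_user_id`, so website ownership is presumably set by a default or trigger elsewhere — a comment on that insert saying so would spare the next reader the search. The body of `create_website` continues past this hunk.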
@@ -7,6 +7,7 @@ ALTER TABLE internal.header ENABLE ROW LEVEL SECURITY;
 ALTER TABLE internal.home ENABLE ROW LEVEL SECURITY;
 ALTER TABLE internal.article ENABLE ROW LEVEL SECURITY;
 ALTER TABLE internal.footer ENABLE ROW LEVEL SECURITY;
+ALTER TABLE internal.collab ENABLE ROW LEVEL SECURITY;
 
 CREATE POLICY view_user ON internal.user
 FOR SELECT
@@ -178,6 +179,51 @@ USING (
 );
 
 
+CREATE POLICY view_collaborations ON internal.collab
+FOR SELECT
+USING (
+ EXISTS (
+ SELECT 1
+ FROM internal.website
+ WHERE internal.website.id = internal.collab.website_id
+ AND internal.website.owner_id = (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID
+ )
+);
+
+CREATE POLICY insert_collaborations ON internal.collab
+FOR INSERT
+WITH CHECK (
+ EXISTS (
+ SELECT 1
+ FROM internal.website
+ WHERE internal.website.id = internal.collab.website_id
+ AND internal.website.owner_id = (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID
+ )
+);
+
+CREATE POLICY update_collaborations ON internal.collab
+FOR UPDATE
+USING (
+ EXISTS (
+ SELECT 1
+ FROM internal.website
+ WHERE internal.website.id = internal.collab.website_id
+ AND internal.website.owner_id = (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID
+ )
+);
+
+CREATE POLICY delete_collaborations ON internal.collab
+FOR DELETE
+USING (
+ EXISTS (
+ SELECT 1
+ FROM internal.website
+ WHERE internal.website.id = internal.collab.website_id
+ AND internal.website.owner_id = (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID
+ )
+);
+
+
 -- migrate:down
 DROP POLICY view_user ON internal.user;
 DROP POLICY view_own_websites ON internal.website;
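Review bot: `ALTER TABLE internal.collab ENABLE ROW LEVEL SECURITY` and the four `*_collaborations` policies now sit in `20240724191017_row_level_security.sql`, which only works on a database built from scratch if `internal.collab` is created by a migration with an earlier timestamp; if the table was introduced together with the deleted `20240805151318_rls_collab_table.sql` (not visible here), a clean run will fail at this statement. All four policies grant access exclusively to the website owner (`internal.website.owner_id` equal to the JWT `user_id`), so a collaborator cannot even read the collab row that names them; if that is intended, a comment above `view_collaborations` saying so would stop someone "fixing" it later, and if not, the SELECT policy needs a second branch on the collab row's own user column (its name is not visible in this diff). The identical `EXISTS` predicate is pasted four times; moving it into one `STABLE` SQL helper function called from each policy keeps the four from drifting apart. `update_collaborations` declares only `USING`, which PostgreSQL also applies as the `WITH CHECK` for the updated row, so a row cannot be re-pointed at a website the caller does not own — correct, but worth a comment so the omission does not look accidental.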
@@ -197,6 +243,10 @@ DROP POLICY delete_own_article ON internal.article;
 DROP POLICY insert_own_article ON internal.article;
 DROP POLICY view_own_footer ON internal.footer;
 DROP POLICY update_own_footer ON internal.footer;
+DROP POLICY view_collaborations ON internal.collab;
+DROP POLICY insert_collaborations ON internal.collab;
+DROP POLICY update_collaborations ON internal.collab;
+DROP POLICY delete_collaborations ON internal.collab;
 
 ALTER TABLE internal.user DISABLE ROW LEVEL SECURITY;
 ALTER TABLE internal.website DISABLE ROW LEVEL SECURITY;
@@ -205,4 +255,5 @@ ALTER TABLE internal.settings DISABLE ROW LEVEL SECURITY;
 ALTER TABLE internal.header DISABLE ROW LEVEL SECURITY;
 ALTER TABLE internal.home DISABLE ROW LEVEL SECURITY;
 ALTER TABLE internal.article DISABLE ROW LEVEL SECURITY;
-ALTER TABLE internal.footer DISABLE ROW LEVEL SECURITY;
\ No newline at end of file
+ALTER TABLE internal.footer DISABLE ROW LEVEL SECURITY;
+ALTER TABLE internal.collab DISABLE ROW LEVEL SECURITY;
\ No newline at end of file
diff --git a/rest-api/db/migrations/20240805151318_rls_collab_table.sql b/rest-api/db/migrations/20240805151318_rls_collab_table.sql
deleted file mode 100644
index 87e1a2e..0000000
--- a/rest-api/db/migrations/20240805151318_rls_collab_table.sql
+++ /dev/null
@@ -1,54 +0,0 @@
--- migrate:up
-ALTER TABLE internal.collab ENABLE ROW LEVEL SECURITY;
-
-CREATE POLICY view_collaborations ON internal.collab
-FOR SELECT
-USING (
- EXISTS (
- SELECT 1
- FROM internal.website
- WHERE internal.website.id = internal.collab.website_id
- AND internal.website.owner_id = (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID
- )
-);
-
-CREATE POLICY insert_collaborations ON internal.collab
-FOR INSERT
-WITH CHECK (
- EXISTS (
- SELECT 1
- FROM internal.website
- WHERE internal.website.id = internal.collab.website_id
- AND internal.website.owner_id = (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID
- )
-);
-
-CREATE POLICY update_collaborations ON internal.collab
-FOR UPDATE
-USING (
- EXISTS (
- SELECT 1
- FROM internal.website
- WHERE internal.website.id = internal.collab.website_id
- AND internal.website.owner_id = (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID
- )
-);
-
-CREATE POLICY delete_collaborations ON internal.collab
-FOR DELETE
-USING (
- EXISTS (
- SELECT 1
- FROM internal.website
- WHERE internal.website.id = internal.collab.website_id
- AND internal.website.owner_id = (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID
- )
-);
-
--- migrate:down
-DROP POLICY view_collaborations ON internal.collab;
-DROP POLICY insert_collaborations ON internal.collab;
-DROP POLICY update_collaborations ON internal.collab;
-DROP POLICY delete_collaborations ON internal.collab;
-
-ALTER TABLE internal.collab DISABLE ROW LEVEL SECURITY;
\ No newline at end of file
diff --git a/web-app/src/routes/(authenticated)/website/[websiteId]/articles/+page.server.ts b/web-app/src/routes/(authenticated)/website/[websiteId]/articles/+page.server.ts
index 8a24d65..250e1ed 100644
--- a/web-app/src/routes/(authenticated)/website/[websiteId]/articles/+page.server.ts
+++ b/web-app/src/routes/(authenticated)/website/[websiteId]/articles/+page.server.ts
@@ -63,7 +63,7 @@ export const load: PageServerLoad = async ({ params, fetch, cookies, url, parent
 };
 
 export const actions: Actions = {
- createArticle: async ({ request, fetch, cookies, params }) => {
+ createArticle: async ({ request, fetch, cookies, params, locals }) => {
 const data = await request.formData();
 
 const res = await fetch("http://localhost:3000/article", {
@@ -74,6 +74,7 @@ export const actions: Actions = {
 },
 body: JSON.stringify({
 website_id: params.websiteId,
+ user_id: locals.user.id,
 title: data.get("title")
 })
 });
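Review bot: `user_id: locals.user.id` makes the article's author a value supplied in the request body, so the REST API trusts whatever `user_id` a caller sends; unless an INSERT policy on `internal.article` (not part of this diff) compares `user_id` with the `user_id` in `request.jwt.claims`, any authenticated API client can attribute an article to a different user. A safer shape derives it inside the database, e.g. a column default `DEFAULT (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID` on `internal.article.user_id` — the same claim lookup `create_website` uses in this patch — after which `user_id` can be dropped from the body here. `locals.user.id` also throws if `locals.user` is unset; the `(authenticated)` route group presumably guarantees it, but a short comment stating that assumption next to the new line would make the dependency explicit. The enclosing `createArticle` action begins in the previous hunk and continues past this one.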