Update policies for collaborators for stricter rules

2025-11-22 02:41:35 +01:00 · 2024-08-08 16:30:01 +02:00
parent bcc26322d3
commit 837729c83c
8 changed files with 85 additions and 26 deletions
--- a/rest-api/db/migrations/20240808141708_collaborator_not_owner.sql
+++ b/rest-api/db/migrations/20240808141708_collaborator_not_owner.sql
@@ -0,0 +1,24 @@
+-- migrate:up
+CREATE FUNCTION internal.check_user_not_website_owner()
+RETURNS TRIGGER AS $$
+BEGIN
+  IF EXISTS (
+    SELECT 1
+    FROM internal.website
+    WHERE id = NEW.website_id AND user_id = NEW.user_id
+  ) THEN
+    RAISE foreign_key_violation USING MESSAGE = 'User cannot be added as a collaborator to their own website';
+  END IF;
+
+  RETURN NEW;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE CONSTRAINT TRIGGER check_user_not_website_owner
+AFTER INSERT ON internal.collab
+FOR EACH ROW
+EXECUTE FUNCTION internal.check_user_not_website_owner();
+
+-- migrate:down
+DROP TRIGGER check_user_not_website_owner ON internal.collab;
+DROP FUNCTION internal.check_user_not_website_owner();