Add collaborator page

rest-api/db/migrations/20240720132802_exposed_views_functions.sql

@@ -1,4 +1,11 @@
 -- migrate:up
+CREATE VIEW api.account
+WITH (security_invoker = on)
+AS
+SELECT id, username
+FROM internal.user
+WHERE id = (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID;
+
 CREATE VIEW api.user
 WITH (security_invoker = on)
 AS
@@ -151,6 +158,7 @@ GRANT EXECUTE ON FUNCTION api.create_website(VARCHAR(10), VARCHAR(50)) TO authen
 
 -- Security invoker only works on views if the user has access to the underlying table
 GRANT SELECT ON internal.user TO authenticated_user;
+GRANT SELECT ON api.account TO authenticated_user;
 GRANT SELECT ON api.user TO authenticated_user;
 GRANT SELECT, UPDATE, DELETE ON internal.website TO authenticated_user;
 GRANT SELECT, UPDATE, DELETE ON api.website TO authenticated_user;
@@ -193,4 +201,5 @@ DROP VIEW api.header;
 DROP VIEW api.settings;
 DROP VIEW api.media;
 DROP VIEW api.website;
-DROP VIEW api.user;
+DROP VIEW api.user;
+DROP VIEW api.account;

rest-api/db/migrations/20240724191017_row_level_security.sql

@@ -8,9 +8,9 @@ ALTER TABLE internal.home ENABLE ROW LEVEL SECURITY;
 ALTER TABLE internal.article ENABLE ROW LEVEL SECURITY;
 ALTER TABLE internal.footer ENABLE ROW LEVEL SECURITY;
 
-CREATE POLICY view_own_user ON internal.user
+CREATE POLICY view_user ON internal.user
 FOR SELECT
-USING (id = (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID);
+USING (true);
 
 CREATE POLICY view_own_websites ON internal.website
 FOR SELECT
@@ -179,7 +179,7 @@ USING (
 
 
 -- migrate:down
-DROP POLICY view_own_user ON internal.user;
+DROP POLICY view_user ON internal.user;
 DROP POLICY view_own_websites ON internal.website;
 DROP POLICY delete_own_website ON internal.website;
 DROP POLICY update_own_website ON internal.website;

rest-api/db/migrations/20240805151318_rls_collab_table.sql

@@ -0,0 +1,54 @@
+-- migrate:up
+ALTER TABLE internal.collab ENABLE ROW LEVEL SECURITY;
+
+CREATE POLICY view_collaborations ON internal.collab
+FOR SELECT
+USING (
+  EXISTS (
+    SELECT 1
+    FROM internal.website
+    WHERE internal.website.id = internal.collab.website_id
+    AND internal.website.owner_id = (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID
+  )
+);
+
+CREATE POLICY insert_collaborations ON internal.collab
+FOR INSERT
+WITH CHECK (
+  EXISTS (
+    SELECT 1
+    FROM internal.website
+    WHERE internal.website.id = internal.collab.website_id
+    AND internal.website.owner_id = (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID
+  )
+);
+
+CREATE POLICY update_collaborations ON internal.collab
+FOR UPDATE
+USING (
+  EXISTS (
+    SELECT 1
+    FROM internal.website
+    WHERE internal.website.id = internal.collab.website_id
+    AND internal.website.owner_id = (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID
+  )
+);
+
+CREATE POLICY delete_collaborations ON internal.collab
+FOR DELETE
+USING (
+  EXISTS (
+    SELECT 1
+    FROM internal.website
+    WHERE internal.website.id = internal.collab.website_id
+    AND internal.website.owner_id = (current_setting('request.jwt.claims', true)::json->>'user_id')::UUID
+  )
+);
+
+-- migrate:down
+DROP POLICY view_collaborations ON internal.collab;
+DROP POLICY insert_collaborations ON internal.collab;
+DROP POLICY update_collaborations ON internal.collab;
+DROP POLICY delete_collaborations ON internal.collab;
+
+ALTER TABLE internal.collab DISABLE ROW LEVEL SECURITY;