Showing
24 changed files
with
176 additions
and
125 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,24 @@ | ||
CREATE OR REPLACE FUNCTION api.create_user(username text) | ||
RETURNS bigint | ||
LANGUAGE sql | ||
LANGUAGE plpgsql | ||
SECURITY DEFINER | ||
SET search_path TO public, pg_temp | ||
AS $$ | ||
DECLARE | ||
_user_id bigint; | ||
BEGIN | ||
INSERT INTO users | ||
(username, parent_user_id) | ||
VALUES | ||
(username, user_id()) | ||
RETURNING user_id | ||
INTO STRICT _user_id; | ||
|
||
PERFORM api.grant_role_to_user( | ||
role_id := (SELECT role_id FROM roles WHERE role_name = 'signed-in'), | ||
user_id := _user_id | ||
); | ||
|
||
RETURN _user_id; | ||
END | ||
$$; |
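Review bot: Nothing in the new body checks who is calling before the INSERT and the role grant, and the function is SECURITY DEFINER, so both run with the owner's rights for any role that holds EXECUTE. PostgreSQL grants EXECUTE on new functions to PUBLIC unless it is revoked, and no REVOKE or GRANT is visible on this page. If account creation is meant to be restricted, a guard before the INSERT in the style used elsewhere in this commit would fit, for example `IF NOT has_role('<role allowed to create users>') THEN RAISE insufficient_privilege; END IF;` (the role name is a placeholder). Separately, when no row in `roles` is named 'signed-in' the scalar subquery yields NULL and `api.grant_role_to_user` is called with a NULL `role_id`; selecting the id `INTO STRICT` a variable first would make that case fail loudly.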
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -15,5 +15,5 @@ IF NOT check_resource_access(_resource_id) THEN | |
RAISE insufficient_privilege; | ||
END IF; | ||
RETURN; | ||
END; | ||
END | ||
$$; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
CREATE OR REPLACE FUNCTION has_role(role_name text) | ||
RETURNS boolean | ||
STABLE | ||
LANGUAGE sql | ||
SECURITY DEFINER | ||
SET search_path TO public, pg_temp | ||
AS $$ | ||
SELECT EXISTS ( | ||
SELECT 1 | ||
FROM role_memberships | ||
JOIN roles | ||
ON roles.role_id = role_memberships.role_id | ||
WHERE role_memberships.user_id = user_id() | ||
AND roles.role_name = has_role.role_name | ||
) | ||
$$; |
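Review bot: The result depends entirely on `user_id()`, which is defined outside this page, and inside a SECURITY DEFINER body `current_user` is the function owner rather than the caller. If `user_id()` reads `current_user`, this would test the owner's memberships; if it reads `session_user` or a session setting, it is unaffected. That is worth confirming and recording in a header comment such as `-- SECURITY DEFINER so callers can test their own membership without SELECT on role_memberships; identity comes from user_id(), which must not depend on current_user`. The stated reason for SECURITY DEFINER is my inference, so adjust the wording to the actual intent.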
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -41,5 +41,5 @@ INTO STRICT _resource_id; | |
|
||
RETURN _resource_id; | ||
|
||
END; | ||
END | ||
$$; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,9 @@ | ||
CREATE TABLE permissions ( | ||
permission_id integer NOT NULL GENERATED ALWAYS AS IDENTITY, | ||
role_id integer NOT NULL REFERENCES roles, | ||
resource_id integer NOT NULL REFERENCES resources, | ||
PRIMARY KEY (role_id, resource_id) | ||
PRIMARY KEY (permission_id), | ||
UNIQUE (role_id, resource_id) | ||
); | ||
|
||
SELECT pg_catalog.pg_extension_config_dump('permissions', ''); |
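Review bot: The new `permission_id` identity column is backed by a sequence, and `pg_extension_config_dump('permissions', '')` marks only the table. The PostgreSQL extension documentation says sequences behind serial columns must be marked themselves; I would expect the same for identity sequences, and a dump-and-restore test would confirm it. If so, the rows come back with their ids while the sequence restarts, and the next INSERT may collide with the new primary key. Consider adding `SELECT pg_catalog.pg_extension_config_dump(pg_get_serial_sequence('permissions', 'permission_id')::regclass, '');`, and the equivalent for `role_membership_id` in the new `role_memberships` table, which follows the same pattern.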
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
CREATE TABLE role_memberships ( | ||
role_membership_id bigint NOT NULL GENERATED ALWAYS AS IDENTITY, | ||
user_id bigint NOT NULL REFERENCES users, | ||
role_id integer NOT NULL REFERENCES roles, | ||
PRIMARY KEY (role_membership_id), | ||
UNIQUE (user_id, role_id) | ||
); | ||
|
||
SELECT pg_catalog.pg_extension_config_dump('role_memberships', ''); |
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,7 @@ | ||
CREATE OR REPLACE VIEW api.credentials WITH (security_barrier) AS | ||
CREATE OR REPLACE VIEW api.credentials AS | ||
SELECT | ||
credentials.credential_id, | ||
credentials.device_name, | ||
users.username, | ||
credentials.user_id, | ||
credentials.valid | ||
FROM credentials | ||
JOIN users | ||
ON users.user_id = credentials.user_id | ||
WHERE credentials.user_id = user_id(); | ||
credential_id, | ||
device_name, | ||
user_id, | ||
valid | ||
FROM credentials; |
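Review bot: With the `WHERE credentials.user_id = user_id()` filter and `security_barrier` gone, `api.credentials` returns every user's credential rows to any role that can SELECT from it, so confidentiality now rests entirely on grants, none of which are visible on this page. `CREATE OR REPLACE VIEW` keeps the privileges already granted on an existing view, so a role that could read the old per-user view would see all rows after this change; the same applies to `api.resources`, and the new `api.role_memberships` is likewise unfiltered. I would add a header comment such as `-- Unfiltered administrative view: grant SELECT only to <admin role>; end users read api.user_credentials` and make the matching REVOKE/GRANT explicit in the same commit. Note also that replacing an existing view in place cannot drop the `username` column, so this statement should only succeed on a fresh install.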
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,7 @@ | ||
CREATE OR REPLACE VIEW api.resources WITH (security_barrier) AS | ||
CREATE OR REPLACE VIEW api.resources AS | ||
SELECT | ||
resource_id, | ||
resource_type, | ||
resource_name, | ||
resource_path | ||
FROM resources | ||
WHERE check_resource_access(resource_id); | ||
FROM resources; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
CREATE OR REPLACE VIEW api.role_memberships AS | ||
SELECT | ||
role_memberships.role_membership_id, | ||
role_memberships.user_id, | ||
roles.role_name | ||
FROM role_memberships | ||
JOIN roles | ||
ON roles.role_id = role_memberships.role_id; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
CREATE OR REPLACE VIEW api.user_credentials WITH (security_barrier) AS | ||
SELECT | ||
credential_id, | ||
device_name, | ||
valid | ||
FROM credentials | ||
WHERE user_id = user_id(); |
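Review bot: In `WHERE user_id = user_id()` the column and the function share a name and are told apart only by the parentheses. Qualifying the column, as the previous `api.credentials` definition did, makes the per-user filter harder to misread or to break in a later edit: `WHERE credentials.user_id = user_id();`.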
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
CREATE OR REPLACE VIEW api.user_resources WITH (security_barrier) AS | ||
SELECT | ||
resource_id, | ||
resource_type, | ||
resource_name, | ||
resource_path | ||
FROM resources | ||
WHERE check_resource_access(resource_id); |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
CREATE OR REPLACE VIEW api.user_role_memberships AS | ||
SELECT | ||
roles.role_name | ||
FROM role_memberships | ||
JOIN roles | ||
ON roles.role_id = role_memberships.role_id | ||
WHERE role_memberships.user_id = user_id(); |
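Review bot: This per-user view is created without `WITH (security_barrier)`, unlike `api.user_credentials` and `api.user_resources` in the same commit. Without it the planner may evaluate a caller-supplied predicate before the `user_id()` filter, which can expose role names from rows belonging to other users to a leaky function or operator. Suggest `CREATE OR REPLACE VIEW api.user_role_memberships WITH (security_barrier) AS`.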
This file was deleted.