From 7fb5e21f28fc70ea7bcbb6e764cd54cb5f0a899b Mon Sep 17 00:00:00 2001 From: myyxl <22593897+myyxl@users.noreply.github.com> Date: Fri, 19 Jan 2024 15:16:07 +0100 Subject: [PATCH 001/105] feat(recommendation): add enum and tables needed for event recommendation --- src/deploy/enum_event_category.sql | 24 +++++++++++++++++++++ src/deploy/table_event_category_mapping.sql | 11 ++++++++++ src/deploy/table_event_recommendation.sql | 13 +++++++++++ src/deploy/table_user_interest.sql | 12 +++++++++++ src/revert/enum_event_category.sql | 7 ++++++ src/revert/table_event_category_mapping.sql | 7 ++++++ src/revert/table_event_recommendation.sql | 7 ++++++ src/revert/table_user_interest.sql | 7 ++++++ src/sqitch.plan | 4 ++++ src/verify/enum_event_category.sql | 10 +++++++++ src/verify/table_event_category_mapping.sql | 9 ++++++++ src/verify/table_event_recommendation.sql | 11 ++++++++++ src/verify/table_user_interest.sql | 9 ++++++++ 13 files changed, 131 insertions(+) create mode 100644 src/deploy/enum_event_category.sql create mode 100644 src/deploy/table_event_category_mapping.sql create mode 100644 src/deploy/table_event_recommendation.sql create mode 100644 src/deploy/table_user_interest.sql create mode 100644 src/revert/enum_event_category.sql create mode 100644 src/revert/table_event_category_mapping.sql create mode 100644 src/revert/table_event_recommendation.sql create mode 100644 src/revert/table_user_interest.sql create mode 100644 src/verify/enum_event_category.sql create mode 100644 src/verify/table_event_category_mapping.sql create mode 100644 src/verify/table_event_recommendation.sql create mode 100644 src/verify/table_user_interest.sql diff --git a/src/deploy/enum_event_category.sql b/src/deploy/enum_event_category.sql new file mode 100644 index 00000000..bca5c304 --- /dev/null +++ b/src/deploy/enum_event_category.sql 
@@ -0,0 +1,24 @@
+-- Deploy maevsi:enum_event_category to pg
+
+BEGIN;
+
+CREATE TYPE maevsi.event_category AS ENUM (
+ 'bar',
+ 'charities',
+ 'culture',
+ 'fashion',
+ 'festival',
+ 'film',
+ 'food_and_drinks',
+ 'kids_and_family',
+ 'lectures_and_books',
+ 'music',
+ 'networking',
+ 'nightlife',
+ 'performing_arts',
+ 'seminars',
+ 'sports_and_active_life',
+ 'visual_arts',
+);
+
+COMMIT;
diff --git a/src/deploy/table_event_category_mapping.sql b/src/deploy/table_event_category_mapping.sql
new file mode 100644
index 00000000..042f07e3
--- /dev/null
+++ b/src/deploy/table_event_category_mapping.sql
@@ -0,0 +1,11 @@
+-- Deploy maevsi:table_event_category_mapping to pg
+
+BEGIN;
+
+CREATE TABLE maevsi.event_category_mapping (
+ event_id uuid NOT NULL REFERENCES maevsi.event(id) ON DELETE CASCADE,
+ category event_category NOT NULL,
+ PRIMARY KEY (event_id, category)
+);
+
+COMMIT;
diff --git a/src/deploy/table_event_recommendation.sql b/src/deploy/table_event_recommendation.sql
new file mode 100644
index 00000000..e4948126
--- /dev/null
+++ b/src/deploy/table_event_recommendation.sql
@@ -0,0 +1,13 @@
+-- Deploy maevsi:table_event_recommendation to pg
+
+BEGIN;
+
+CREATE TABLE maevsi.event_recommendation (
+ user_id uuid NOT NULL REFERENCES maevsi.account(id) ON DELETE CASCADE,
+ event_id uuid NOT NULL REFERENCES maevsi.event(id) ON DELETE CASCADE,
+ score float(8),
+ predicted_score float(8),
+ PRIMARY KEY (user_id, event_id)
+);
+
+COMMIT;
diff --git a/src/deploy/table_user_interest.sql b/src/deploy/table_user_interest.sql
new file mode 100644
index 00000000..e14fa9f0
--- /dev/null
+++ b/src/deploy/table_user_interest.sql
@@ -0,0 +1,12 @@
+-- Deploy maevsi:table_user_interest to pg
+
+BEGIN;
+
+CREATE TABLE maevsi.user_interest (
+ user_id uuid NOT NULL REFERENCES maevsi.account(id) ON DELETE CASCADE,
+ category event_category NOT NULL,
+ PRIMARY KEY (user_id, category)
+);
+
+
+COMMIT;
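Review bot: In `deploy/table_event_recommendation.sql` the columns `score` and `predicted_score` are both nullable `float(8)`, and nothing in the file says how the two differ, what range they take or what a NULL means. The existing tables in this schema document their columns with `COMMENT ON COLUMN`, so this table should do the same; I would add a `COMMENT ON TABLE maevsi.event_recommendation` plus one `COMMENT ON COLUMN` per column, each stating the meaning and the producer of the value. `float(8)` is stored as `real` (the schema dump later in this series shows `score real`), so writing `real` directly would be clearer. The same missing comments apply to `event_category_mapping` and `user_interest` in this commit.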
diff --git a/src/revert/enum_event_category.sql b/src/revert/enum_event_category.sql
new file mode 100644
index 00000000..e4ad96ef
--- /dev/null
+++ b/src/revert/enum_event_category.sql
@@ -0,0 +1,7 @@
+-- Revert maevsi:enum_event_category from pg
+
+BEGIN;
+
+DROP TYPE maevsi.event_category;
+
+COMMIT;
diff --git a/src/revert/table_event_category_mapping.sql b/src/revert/table_event_category_mapping.sql
new file mode 100644
index 00000000..a846e122
--- /dev/null
+++ b/src/revert/table_event_category_mapping.sql
@@ -0,0 +1,7 @@
+-- Revert maevsi:table_event_category_mapping from pg
+
+BEGIN;
+
+DROP TABLE maevsi.event_category_mapping;
+
+COMMIT;
diff --git a/src/revert/table_event_recommendation.sql b/src/revert/table_event_recommendation.sql
new file mode 100644
index 00000000..65fd67b3
--- /dev/null
+++ b/src/revert/table_event_recommendation.sql
@@ -0,0 +1,7 @@
+-- Revert maevsi:table_event_recommendation from pg
+
+BEGIN;
+
+DROP TABLE maevsi.event_recommendation;
+
+COMMIT;
diff --git a/src/revert/table_user_interest.sql b/src/revert/table_user_interest.sql
new file mode 100644
index 00000000..e4c2ea00
--- /dev/null
+++ b/src/revert/table_user_interest.sql
@@ -0,0 +1,7 @@
+-- Revert maevsi:table_user_interest from pg
+
+BEGIN;
+
+DROP TABLE maevsi.table_user_interest;
+
+COMMIT;
diff --git a/src/sqitch.plan b/src/sqitch.plan
index 495b1c20..d9b0556f 100644
--- a/src/sqitch.plan
+++ b/src/sqitch.plan
@@ -62,3 +62,7 @@ function_notification_acknowledge [privilege_execute_revoke schema_public schema function_account_upload_quota_bytes [privilege_execute_revoke schema_public schema_private table_account_private role_account] 1970-01-01T00:00:00Z Jonas Thelemann # Gets the total upload quota in bytes for the invoking account. database_grafana 1970-01-01T00:00:00Z Jonas Thelemann # Create observation dashboard's database. role_grafana [database_grafana] 1970-01-01T00:00:00Z Jonas Thelemann # Add role grafana. +enum_event_category 2024-01-19T14:03:33Z marlon # enum_event_category\n deploy/enum_event_category.sql\n revert/enum_event_category.sql\n verify/enum_event_category.sql +table_user_interest 2024-01-19T14:06:54Z marlon # table_user_interest\n deploy/table_user_interest.sql\n revert/table_user_interest.sql\n verify/table_user_interest.sql +table_event_category_mapping 2024-01-19T14:10:16Z marlon # table_event_category_mapping\n deploy/table_event_category_mapping.sql\n revert/table_event_category_mapping.sql\n verify/table_event_category_mapping.sql +table_event_recommendation 2024-01-19T14:12:12Z marlon # table_event_recommendation\n deploy/table_event_recommendation.sql\n revert/table_event_recommendation.sql\n verify/table_event_recommendation.sql diff --git a/src/verify/enum_event_category.sql b/src/verify/enum_event_category.sql new file mode 100644 index 00000000..1fecf8d5 --- /dev/null +++ b/src/verify/enum_event_category.sql @@ -0,0 +1,10 @@ +-- Verify maevsi:enum_event_category on pg + +BEGIN; + +DO $$ +BEGIN + ASSERT (SELECT pg_catalog.has_type_privilege('maevsi.event_category', 'USAGE')); +END $$; + +ROLLBACK; diff --git a/src/verify/table_event_category_mapping.sql b/src/verify/table_event_category_mapping.sql new file mode 100644 index 00000000..d6d30055 --- /dev/null +++ b/src/verify/table_event_category_mapping.sql 
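Review bot: The four new plan entries declare no dependencies, although their deploy scripts reference `maevsi.event`, `maevsi.account` and the `maevsi.event_category` type; the existing entries in this hunk list theirs in brackets (for example `role_grafana [database_grafana]`). Without them sqitch cannot check ordering or refuse a partial revert, so I would declare at least the changes named on this page, e.g. `table_user_interest [schema_public enum_event_category] 2024-01-19T14:06:54Z marlon # …`, and add the changes that create the event and account tables. The notes also carry literal `\n deploy/… revert/… verify/…` text, which looks like editor template residue rather than a description. The policy entries added to this file later in the series have the same two problems and should additionally require their table and, presumably, `role_account`.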
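Review bot: The assertion in `verify/enum_event_category.sql` uses the two-argument form `has_type_privilege('maevsi.event_category', 'USAGE')`, which tests the role running `sqitch verify`, presumably the owner, so it only proves that the type exists. If the intent is to confirm that the API role can use the type, name the role: `ASSERT (SELECT pg_catalog.has_type_privilege('maevsi_account', 'maevsi.event_category', 'USAGE'));`. A one-line comment above the ASSERT saying which of the two is meant would keep later edits from weakening it.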
@@ -0,0 +1,9 @@ +-- Verify maevsi:table_event_category_mapping on pg + +BEGIN; + +SELECT event_id, + category +FROM maevsi.table_event_category_mapping WHERE FALSE; + +ROLLBACK; diff --git a/src/verify/table_event_recommendation.sql b/src/verify/table_event_recommendation.sql new file mode 100644 index 00000000..dabb099e --- /dev/null +++ b/src/verify/table_event_recommendation.sql @@ -0,0 +1,11 @@ +-- Verify maevsi:table_event_recommendation on pg + +BEGIN; + +SELECT user_id, + event_id, + score, + predicted_score +FROM maevsi.table_event_recommendation WHERE FALSE; + +ROLLBACK; diff --git a/src/verify/table_user_interest.sql b/src/verify/table_user_interest.sql new file mode 100644 index 00000000..b9990422 --- /dev/null +++ b/src/verify/table_user_interest.sql @@ -0,0 +1,9 @@ +-- Verify maevsi:table_user_interest on pg + +BEGIN; + +SELECT user_id, + category +FROM maevsi.table_user_interest WHERE FALSE; + +ROLLBACK; From cc5be2d7f0db3a251337325ec0b3aa822d0f8482 Mon Sep 17 00:00:00 2001 From: myyxl <22593897+myyxl@users.noreply.github.com> Date: Thu, 25 Jan 2024 21:28:18 +0100 Subject: [PATCH 002/105] fix(schema): remove table prefix so schema can be build --- schema/schema.definition.sql | 120 ++++++++++++++++++++ src/deploy/enum_event_category.sql | 2 +- src/deploy/table_event_category_mapping.sql | 2 +- src/deploy/table_user_interest.sql | 2 +- src/revert/table_user_interest.sql | 2 +- src/verify/table_event_category_mapping.sql | 2 +- src/verify/table_event_recommendation.sql | 2 +- src/verify/table_user_interest.sql | 2 +- 8 files changed, 127 insertions(+), 7 deletions(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 53ef991b..42f965e8 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
@@ -76,6 +76,32 @@ CREATE EXTENSION IF NOT EXISTS pgcrypto WITH SCHEMA maevsi; COMMENT ON EXTENSION pgcrypto IS 'Provides password hashing functions.'; +-- +-- Name: event_category; Type: TYPE; Schema: maevsi; Owner: postgres +-- + +CREATE TYPE maevsi.event_category AS ENUM ( + 'bar', + 'charities', + 'culture', + 'fashion', + 'festival', + 'film', + 'food_and_drinks', + 'kids_and_family', + 'lectures_and_books', + 'music', + 'networking', + 'nightlife', + 'performing_arts', + 'seminars', + 'sports_and_active_life', + 'visual_arts' +); + + +ALTER TYPE maevsi.event_category OWNER TO postgres; + -- -- Name: jwt; Type: TYPE; Schema: maevsi; Owner: postgres -- @@ -1628,6 +1654,18 @@ COMMENT ON COLUMN maevsi.contact.phone_number IS 'The contact''s international p COMMENT ON COLUMN maevsi.contact.url IS 'The contact''s website url.'; +-- +-- Name: event_category_mapping; Type: TABLE; Schema: maevsi; Owner: postgres +-- + +CREATE TABLE maevsi.event_category_mapping ( + event_id uuid NOT NULL, + category maevsi.event_category NOT NULL +); + + +ALTER TABLE maevsi.event_category_mapping OWNER TO postgres; + -- -- Name: event_group; Type: TABLE; Schema: maevsi; Owner: postgres -- @@ -1740,6 +1778,20 @@ COMMENT ON COLUMN maevsi.event_grouping.event_group_id IS 'The event grouping''s COMMENT ON COLUMN maevsi.event_grouping.event_id IS 'The event grouping''s internal event id.'; +-- +-- Name: event_recommendation; Type: TABLE; Schema: maevsi; Owner: postgres +-- + +CREATE TABLE maevsi.event_recommendation ( + user_id uuid NOT NULL, + event_id uuid NOT NULL, + score real, + predicted_score real +); + + +ALTER TABLE maevsi.event_recommendation OWNER TO postgres; + -- -- Name: invitation; Type: TABLE; Schema: maevsi; Owner: postgres -- 
@@ -1840,6 +1892,18 @@ COMMENT ON COLUMN maevsi.profile_picture.account_id IS 'The account''s id.'; COMMENT ON COLUMN maevsi.profile_picture.upload_id IS 'The upload''s id.'; +-- +-- Name: user_interest; Type: TABLE; Schema: maevsi; Owner: postgres +-- + +CREATE TABLE maevsi.user_interest ( + user_id uuid NOT NULL, + category maevsi.event_category NOT NULL +); + + +ALTER TABLE maevsi.user_interest OWNER TO postgres; + -- -- Name: account; Type: TABLE; Schema: maevsi_private; Owner: postgres -- @@ -2565,6 +2629,14 @@ ALTER TABLE ONLY maevsi.event ADD CONSTRAINT event_author_account_id_slug_key UNIQUE (author_account_id, slug); +-- +-- Name: event_category_mapping event_category_mapping_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_category_mapping + ADD CONSTRAINT event_category_mapping_pkey PRIMARY KEY (event_id, category); + + -- -- Name: event_group event_group_author_account_id_slug_key; Type: CONSTRAINT; Schema: maevsi; Owner: postgres -- @@ -2605,6 +2677,14 @@ ALTER TABLE ONLY maevsi.event ADD CONSTRAINT event_pkey PRIMARY KEY (id); +-- +-- Name: event_recommendation event_recommendation_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_recommendation + ADD CONSTRAINT event_recommendation_pkey PRIMARY KEY (user_id, event_id); + + -- -- Name: invitation invitation_event_id_contact_id_key; Type: CONSTRAINT; Schema: maevsi; Owner: postgres -- @@ -2653,6 +2733,14 @@ ALTER TABLE ONLY maevsi.upload ADD CONSTRAINT upload_storage_key_key UNIQUE (storage_key); +-- +-- Name: user_interest user_interest_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.user_interest + ADD CONSTRAINT user_interest_pkey PRIMARY KEY (user_id, category); + + -- -- Name: account account_email_address_key; Type: CONSTRAINT; Schema: maevsi_private; Owner: postgres -- 
@@ -2916,6 +3004,14 @@ ALTER TABLE ONLY maevsi.event ADD CONSTRAINT event_author_account_id_fkey FOREIGN KEY (author_account_id) REFERENCES maevsi.account(id); +-- +-- Name: event_category_mapping event_category_mapping_event_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_category_mapping + ADD CONSTRAINT event_category_mapping_event_id_fkey FOREIGN KEY (event_id) REFERENCES maevsi.event(id) ON DELETE CASCADE; + + -- -- Name: event_group event_group_author_account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres -- @@ -2940,6 +3036,22 @@ ALTER TABLE ONLY maevsi.event_grouping ADD CONSTRAINT event_grouping_event_id_fkey FOREIGN KEY (event_id) REFERENCES maevsi.event(id); +-- +-- Name: event_recommendation event_recommendation_event_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_recommendation + ADD CONSTRAINT event_recommendation_event_id_fkey FOREIGN KEY (event_id) REFERENCES maevsi.event(id) ON DELETE CASCADE; + + +-- +-- Name: event_recommendation event_recommendation_user_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_recommendation + ADD CONSTRAINT event_recommendation_user_id_fkey FOREIGN KEY (user_id) REFERENCES maevsi.account(id) ON DELETE CASCADE; + + -- -- Name: invitation invitation_contact_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres -- @@ -2980,6 +3092,14 @@ ALTER TABLE ONLY maevsi.upload ADD CONSTRAINT upload_account_id_fkey FOREIGN KEY (account_id) REFERENCES maevsi.account(id); +-- +-- Name: user_interest user_interest_user_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.user_interest + ADD CONSTRAINT user_interest_user_id_fkey FOREIGN KEY (user_id) REFERENCES maevsi.account(id) ON DELETE CASCADE; + + -- -- Name: changes changes_project_fkey; Type: FK CONSTRAINT; Schema: sqitch; Owner: postgres -- 
diff --git a/src/deploy/enum_event_category.sql b/src/deploy/enum_event_category.sql index bca5c304..c8374943 100644 --- a/src/deploy/enum_event_category.sql +++ b/src/deploy/enum_event_category.sql @@ -18,7 +18,7 @@ CREATE TYPE maevsi.event_category AS ENUM ( 'performing_arts', 'seminars', 'sports_and_active_life', - 'visual_arts', + 'visual_arts' ); COMMIT; diff --git a/src/deploy/table_event_category_mapping.sql b/src/deploy/table_event_category_mapping.sql index 042f07e3..5eb47b1f 100644 --- a/src/deploy/table_event_category_mapping.sql +++ b/src/deploy/table_event_category_mapping.sql @@ -4,7 +4,7 @@ BEGIN; CREATE TABLE maevsi.event_category_mapping ( event_id uuid NOT NULL REFERENCES maevsi.event(id) ON DELETE CASCADE, - category event_category NOT NULL, + category maevsi.event_category NOT NULL, PRIMARY KEY (event_id, category) ); diff --git a/src/deploy/table_user_interest.sql b/src/deploy/table_user_interest.sql index e14fa9f0..545a8928 100644 --- a/src/deploy/table_user_interest.sql +++ b/src/deploy/table_user_interest.sql @@ -4,7 +4,7 @@ BEGIN; CREATE TABLE maevsi.user_interest ( user_id uuid NOT NULL REFERENCES maevsi.account(id) ON DELETE CASCADE, - category event_category NOT NULL, + category maevsi.event_category NOT NULL, PRIMARY KEY (user_id, category) ); diff --git a/src/revert/table_user_interest.sql b/src/revert/table_user_interest.sql index e4c2ea00..01f172f1 100644 --- a/src/revert/table_user_interest.sql +++ b/src/revert/table_user_interest.sql @@ -2,6 +2,6 @@ BEGIN; -DROP TABLE maevsi.table_user_interest; +DROP TABLE maevsi.user_interest; COMMIT; diff --git a/src/verify/table_event_category_mapping.sql b/src/verify/table_event_category_mapping.sql index d6d30055..e716087e 100644 --- a/src/verify/table_event_category_mapping.sql +++ b/src/verify/table_event_category_mapping.sql @@ -4,6 +4,6 @@ BEGIN; SELECT event_id, category -FROM maevsi.table_event_category_mapping WHERE FALSE; +FROM maevsi.event_category_mapping WHERE FALSE; ROLLBACK; 
diff --git a/src/verify/table_event_recommendation.sql b/src/verify/table_event_recommendation.sql index dabb099e..a07df469 100644 --- a/src/verify/table_event_recommendation.sql +++ b/src/verify/table_event_recommendation.sql @@ -6,6 +6,6 @@ SELECT user_id, event_id, score, predicted_score -FROM maevsi.table_event_recommendation WHERE FALSE; +FROM maevsi.event_recommendation WHERE FALSE; ROLLBACK; diff --git a/src/verify/table_user_interest.sql b/src/verify/table_user_interest.sql index b9990422..7ffefcad 100644 --- a/src/verify/table_user_interest.sql +++ b/src/verify/table_user_interest.sql @@ -4,6 +4,6 @@ BEGIN; SELECT user_id, category -FROM maevsi.table_user_interest WHERE FALSE; +FROM maevsi.user_interest WHERE FALSE; ROLLBACK; From 280f47b8fd93ee871f2bd25ba2daeaf5e496b84f Mon Sep 17 00:00:00 2001 
From: myyxl <22593897+myyxl@users.noreply.github.com> Date: Thu, 25 Jan 2024 22:45:02 +0100 Subject: [PATCH 003/105] feat(policy): add policy to recommendation tables --- .../table_event_category_mapping_policy.sql | 14 +++++++++ .../table_event_recommendation_policy.sql | 7 +++++ src/deploy/table_user_interest_policy.sql | 30 +++++++++++++++++++ .../table_event_category_mapping_policy.sql | 7 +++++ .../table_event_recommendation_policy.sql | 7 +++++ src/revert/table_user_interest_policy.sql | 7 +++++ src/sqitch.plan | 5 +++- .../table_event_category_mapping_policy.sql | 7 +++++ .../table_event_recommendation_policy.sql | 7 +++++ src/verify/table_user_interest_policy.sql | 7 +++++ 10 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 src/deploy/table_event_category_mapping_policy.sql create mode 100644 src/deploy/table_event_recommendation_policy.sql create mode 100644 src/deploy/table_user_interest_policy.sql create mode 100644 src/revert/table_event_category_mapping_policy.sql create mode 100644 src/revert/table_event_recommendation_policy.sql create mode 100644 src/revert/table_user_interest_policy.sql create mode 100644 src/verify/table_event_category_mapping_policy.sql create mode 100644 src/verify/table_event_recommendation_policy.sql create mode 100644 src/verify/table_user_interest_policy.sql diff --git a/src/deploy/table_event_category_mapping_policy.sql b/src/deploy/table_event_category_mapping_policy.sql new file mode 100644 index 00000000..a6f1b429 --- /dev/null +++ b/src/deploy/table_event_category_mapping_policy.sql @@ -0,0 +1,14 @@ +-- Deploy maevsi:table_event_category_mapping_policy to pg + +BEGIN; + +GRANT SELECT, INSERT, DELETE ON TABLE maevsi.event_category_mapping TO maevsi_account; + +-- SELECT: +-- * Every event that is public, mine or that I'm invited to +-- INSERT: +-- * My events +-- DELETE: +-- * My events + +COMMIT; 
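Review bot: `GRANT SELECT, INSERT, DELETE ON TABLE maevsi.event_category_mapping TO maevsi_account` is deployed here with no `ENABLE ROW LEVEL SECURITY` and no policy, only comments describing the intended rules, so after this change every `maevsi_account` session can read, insert and delete category rows for any event. The sibling `deploy/table_user_interest_policy.sql` in the same commit enables RLS and creates its policies in one transaction; this file should at least add `ALTER TABLE maevsi.event_category_mapping ENABLE ROW LEVEL SECURITY;` so the table is default-deny until the policies exist. The later commit in this series that fills in the policies still does not enable RLS, and the regenerated schema dump has no ROW SECURITY entry for this table.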
diff --git a/src/deploy/table_event_recommendation_policy.sql b/src/deploy/table_event_recommendation_policy.sql
new file mode 100644
index 00000000..78ce3eb5
--- /dev/null
+++ b/src/deploy/table_event_recommendation_policy.sql
@@ -0,0 +1,7 @@
+-- Deploy maevsi:table_event_recommendation_policy to pg
+
+BEGIN;
+
+ALTER TABLE maevsi.event_recommendation ENABLE ROW LEVEL SECURITY;
+
+COMMIT;
diff --git a/src/deploy/table_user_interest_policy.sql b/src/deploy/table_user_interest_policy.sql
new file mode 100644
index 00000000..c98d8b4d
--- /dev/null
+++ b/src/deploy/table_user_interest_policy.sql
@@ -0,0 +1,30 @@
+-- Deploy maevsi:table_user_interest_policy to pg
+
+BEGIN;
+
+GRANT SELECT, INSERT, DELETE ON TABLE maevsi.user_interest TO maevsi_account;
+
+ALTER TABLE maevsi.user_interest ENABLE ROW LEVEL SECURITY;
+
+-- Only allow selects by the current user.
+CREATE POLICY user_interest_select ON maevsi.user_interest FOR SELECT USING (
+ NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL
+ AND
+ user_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID
+);
+
+-- Only allow inserts by the current user.
+CREATE POLICY user_interest_insert ON maevsi.user_interest FOR INSERT WITH CHECK (
+ NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL
+ AND
+ user_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID
+);
+
+-- Only allow deletes by the current user.
+CREATE POLICY user_interest_delete ON maevsi.user_interest FOR DELETE USING (
+ NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL
+ AND
+ user_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID
+);
+
+COMMIT;
diff --git a/src/revert/table_event_category_mapping_policy.sql b/src/revert/table_event_category_mapping_policy.sql
new file mode 100644
index 00000000..8eb2933d
--- /dev/null
+++ b/src/revert/table_event_category_mapping_policy.sql
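Review bot: `deploy/table_event_recommendation_policy.sql` enables row level security but creates no policy and grants nothing, and without a comment that reads like an unfinished file rather than a decision. If default-deny is the intent, say so above the ALTER, for example `-- No policy and no GRANT on purpose: with RLS enabled and no policy, roles other than the owner see no rows.` The comment should also name the role expected to write recommendations, because in PostgreSQL the table owner and roles with BYPASSRLS are not restricted by RLS unless `FORCE ROW LEVEL SECURITY` is set.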
@@ -0,0 +1,7 @@
+-- Revert maevsi:table_event_category_mapping_policy from pg
+
+BEGIN;
+
+-- XXX Add DDLs here.
+
+COMMIT;
diff --git a/src/revert/table_event_recommendation_policy.sql b/src/revert/table_event_recommendation_policy.sql
new file mode 100644
index 00000000..b9dd3de4
--- /dev/null
+++ b/src/revert/table_event_recommendation_policy.sql
@@ -0,0 +1,7 @@
+-- Revert maevsi:table_event_recommendation_policy from pg
+
+BEGIN;
+
+-- XXX Add DDLs here.
+
+COMMIT;
diff --git a/src/revert/table_user_interest_policy.sql b/src/revert/table_user_interest_policy.sql
new file mode 100644
index 00000000..ef624754
--- /dev/null
+++ b/src/revert/table_user_interest_policy.sql
@@ -0,0 +1,7 @@
+-- Revert maevsi:table_user_interest_policy from pg
+
+BEGIN;
+
+-- XXX Add DDLs here.
+
+COMMIT;
diff --git a/src/sqitch.plan b/src/sqitch.plan
index d9b0556f..1de21c1e 100644
--- a/src/sqitch.plan
+++ b/src/sqitch.plan
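Review bot: All three revert scripts commit an empty transaction (`-- XXX Add DDLs here.`), so `sqitch revert` records each change as reverted while the grants, RLS flags and policies from the deploy scripts stay in the database. For the recommendation table the counterpart of the deploy is `ALTER TABLE maevsi.event_recommendation DISABLE ROW LEVEL SECURITY;`, and that file is not filled in by any later commit visible on this page. The other two need a `DROP POLICY` per policy and a revoke such as `REVOKE SELECT, INSERT, DELETE ON TABLE maevsi.user_interest FROM maevsi_account;`, otherwise a reverted database keeps the API role's table privileges.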
@@ -65,4 +65,7 @@ role_grafana [database_grafana] 1970-01-01T00:00:00Z Jonas Thelemann # enum_event_category\n deploy/enum_event_category.sql\n revert/enum_event_category.sql\n verify/enum_event_category.sql table_user_interest 2024-01-19T14:06:54Z marlon # table_user_interest\n deploy/table_user_interest.sql\n revert/table_user_interest.sql\n verify/table_user_interest.sql table_event_category_mapping 2024-01-19T14:10:16Z marlon # table_event_category_mapping\n deploy/table_event_category_mapping.sql\n revert/table_event_category_mapping.sql\n verify/table_event_category_mapping.sql -table_event_recommendation 2024-01-19T14:12:12Z marlon # table_event_recommendation\n deploy/table_event_recommendation.sql\n revert/table_event_recommendation.sql\n verify/table_event_recommendation.sql +table_event_recommendation 2024-01-19T14:12:12Z marlon # table_event_recommendation\n deploy/table_event_recommendation.sql\n revert/table_event_recommendation.sql\n verify/table_event_recommendation.sql +table_user_interest_policy 2024-01-25T20:55:28Z marlon # deploy/table_user_interest_policy.sql\n revert/table_user_interest_policy.sql\n verify/table_user_interest_policy.sql +table_event_recommendation_policy 2024-01-25T21:28:46Z marlon # table_event_recommendation_policy\n deploy/table_event_recommendation_policy.sql\n revert/table_event_recommendation_policy.sql\n verify/table_event_recommendation_policy.sql +table_event_category_mapping_policy 2024-01-25T21:40:30Z marlon # table_event_category_mapping_policy\n deploy/table_event_category_mapping_policy.sql\n revert/table_event_category_mapping_policy.sql\n verify/table_event_category_mapping_policy.sql diff --git a/src/verify/table_event_category_mapping_policy.sql b/src/verify/table_event_category_mapping_policy.sql new file mode 100644 index 00000000..f31a91e3 --- /dev/null +++ b/src/verify/table_event_category_mapping_policy.sql 
@@ -0,0 +1,7 @@ +-- Verify maevsi:table_event_category_mapping_policy on pg + +BEGIN; + +-- XXX Add verifications here. + +ROLLBACK; diff --git a/src/verify/table_event_recommendation_policy.sql b/src/verify/table_event_recommendation_policy.sql new file mode 100644 index 00000000..88e04c7f --- /dev/null +++ b/src/verify/table_event_recommendation_policy.sql @@ -0,0 +1,7 @@ +-- Verify maevsi:table_event_recommendation_policy on pg + +BEGIN; + +-- XXX Add verifications here. + +ROLLBACK; diff --git a/src/verify/table_user_interest_policy.sql b/src/verify/table_user_interest_policy.sql new file mode 100644 index 00000000..007f8649 --- /dev/null +++ b/src/verify/table_user_interest_policy.sql @@ -0,0 +1,7 @@ +-- Verify maevsi:table_user_interest_policy on pg + +BEGIN; + +-- XXX Add verifications here. + +ROLLBACK; From cff0b7fdef045ac3f388553f7c4bbffb3a019c78 Mon Sep 17 00:00:00 2001 From: myyxl <22593897+myyxl@users.noreply.github.com> Date: Mon, 29 Jan 2024 18:20:14 +0100 Subject: [PATCH 004/105] feat(revert): add revert for recommendation tables --- .../table_event_category_mapping_policy.sql | 29 +++++++++++++++---- .../table_event_category_mapping_policy.sql | 4 ++- src/revert/table_user_interest_policy.sql | 4 ++- 3 files changed, 29 insertions(+), 8 deletions(-) diff --git a/src/deploy/table_event_category_mapping_policy.sql b/src/deploy/table_event_category_mapping_policy.sql index a6f1b429..5f41208c 100644 --- a/src/deploy/table_event_category_mapping_policy.sql +++ b/src/deploy/table_event_category_mapping_policy.sql 
@@ -4,11 +4,28 @@ BEGIN; GRANT SELECT, INSERT, DELETE ON TABLE maevsi.event_category_mapping TO maevsi_account; --- SELECT: --- * Every event that is public, mine or that I'm invited to --- INSERT: --- * My events --- DELETE: --- * My events +-- Only allow selects for events authored by user, events that are public or that the user is invited to. +CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR SELECT USING ( + NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + AND ( + event_id = (SELECT id FROM maevsi.event WHERE author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID) + OR + visibility = 'public' + ) +); + +-- Only allow inserts for events authored by user. +CREATE POLICY event_category_mapping_insert ON maevsi.event_category_mapping FOR INSERT CHECK ( + NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + AND + event_id = (SELECT id FROM maevsi.event WHERE author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID) +); + +-- Only allow deletes for events authored by user. +CREATE POLICY event_category_mapping_delete ON maevsi.event_category_mapping FOR DELETE USING ( + NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + AND + event_id = (SELECT id FROM maevsi.event WHERE author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID) +); COMMIT; diff --git a/src/revert/table_event_category_mapping_policy.sql b/src/revert/table_event_category_mapping_policy.sql index 8eb2933d..bfe0023f 100644 --- a/src/revert/table_event_category_mapping_policy.sql +++ b/src/revert/table_event_category_mapping_policy.sql 
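Review bot: These policies are not enforced as written, because nothing in this file runs `ALTER TABLE maevsi.event_category_mapping ENABLE ROW LEVEL SECURITY` and PostgreSQL ignores policies on a table whose RLS is off, so the GRANT at the top of the file still exposes every row to `maevsi_account`. Separately, `event_id = (SELECT id FROM maevsi.event WHERE author_account_id = …)` is a scalar subquery that raises an error as soon as the account has authored more than one event, `visibility = 'public'` names a column this table does not have, and `FOR INSERT CHECK (` is missing `WITH`. The comment on the select policy also promises access for invited users, which no predicate implements; either implement it or drop it from the comment. A correlated `EXISTS` removes the cardinality problem, and the insert and delete policies take the same shape with only the `author_account_id` test. The subquery on `maevsi.event` is itself evaluated under that table's RLS policies for the invoking role, which is worth confirming against the intended visibility rules.

```sql
GRANT SELECT, INSERT, DELETE ON TABLE maevsi.event_category_mapping TO maevsi_account;

ALTER TABLE maevsi.event_category_mapping ENABLE ROW LEVEL SECURITY;

-- Only allow selects for events authored by the user or events that are public.
CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR SELECT USING (
  NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL
  AND EXISTS (
    SELECT 1
    FROM maevsi.event AS e
    WHERE e.id = event_category_mapping.event_id
      AND (
        e.author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID
        OR e.visibility = 'public'
      )
  )
);

-- … insert (WITH CHECK) and delete (USING) policies: same EXISTS, author_account_id test only …
```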
@@ -2,6 +2,8 @@ BEGIN; --- XXX Add DDLs here. +DROP POLICY event_category_mapping_select ON maevsi.event_category_mapping; +DROP POLICY event_category_mapping_insert ON maevsi.event_category_mapping; +DROP POLICY event_category_mapping_delete ON maevsi.event_category_mapping; COMMIT; diff --git a/src/revert/table_user_interest_policy.sql b/src/revert/table_user_interest_policy.sql index ef624754..508ece1e 100644 --- a/src/revert/table_user_interest_policy.sql +++ b/src/revert/table_user_interest_policy.sql @@ -2,6 +2,8 @@ BEGIN; --- XXX Add DDLs here. +DROP POLICY user_interest_select ON maevsi.user_interest_select; +DROP POLICY user_interest_insert ON maevsi.user_interest_select; +DROP POLICY user_interest_delete ON maevsi.user_interest_select; COMMIT; From 1d6bb59a8cd21b4b3bc1c8a48161b3d3ff6226a3 Mon Sep 17 00:00:00 2001 From: myyxl <22593897+myyxl@users.noreply.github.com> Date: Mon, 29 Jan 2024 18:46:18 +0100 Subject: [PATCH 005/105] feat(verify): add verification for event recommendation tables --- src/verify/table_event_category_mapping_policy.sql | 8 +++++++- src/verify/table_event_recommendation_policy.sql | 9 ++++++++- src/verify/table_user_interest_policy.sql | 8 +++++++- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/src/verify/table_event_category_mapping_policy.sql b/src/verify/table_event_category_mapping_policy.sql index f31a91e3..7327828c 100644 --- a/src/verify/table_event_category_mapping_policy.sql +++ b/src/verify/table_event_category_mapping_policy.sql 
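Review bot: The three `DROP POLICY` statements in `revert/table_user_interest_policy.sql` target `maevsi.user_interest_select`, which is a policy name and not a table; the deploy script creates all three policies on `maevsi.user_interest`, so as far as this page shows the revert fails on its first statement. Each line should follow `DROP POLICY user_interest_select ON maevsi.user_interest;`. Both revert scripts in this commit also leave the `GRANT SELECT, INSERT, DELETE … TO maevsi_account` from their deploy scripts in place; for `event_category_mapping`, where RLS is never enabled, dropping the policies changes nothing about who can read or write the table, so add the matching `REVOKE` to each.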
@@ -2,6 +2,12 @@ BEGIN; --- XXX Add verifications here. +DO $$ +BEGIN + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category_mapping', 'SELECT')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category_mapping', 'INSERT')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category_mapping', 'UPDATE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category_mapping', 'DELETE')); +END $$; ROLLBACK; diff --git a/src/verify/table_event_recommendation_policy.sql b/src/verify/table_event_recommendation_policy.sql index 88e04c7f..daa94bf6 100644 --- a/src/verify/table_event_recommendation_policy.sql +++ b/src/verify/table_event_recommendation_policy.sql @@ -2,6 +2,13 @@ BEGIN; --- XXX Add verifications here. +DO $$ +BEGIN + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_recommendation', 'SELECT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_recommendation', 'INSERT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_recommendation', 'DELETE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_recommendation', 'UPDATE')); +END $$; ROLLBACK; + diff --git a/src/verify/table_user_interest_policy.sql b/src/verify/table_user_interest_policy.sql index 007f8649..04062f71 100644 --- a/src/verify/table_user_interest_policy.sql +++ b/src/verify/table_user_interest_policy.sql 
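Review bot: The assertions in `verify/table_event_category_mapping_policy.sql` contradict the deploy script, which grants `SELECT, INSERT, DELETE` to `maevsi_account`: this block asserts that `UPDATE` is granted and `DELETE` is not, so verification should fail on the third ASSERT. The last two lines should be `ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category_mapping', 'DELETE'));` and the `ASSERT NOT` form for `'UPDATE'`, as in the user_interest verify. Privilege checks alone do not cover the access-control part of these changes; `ASSERT (SELECT relrowsecurity FROM pg_catalog.pg_class WHERE oid = 'maevsi.event_category_mapping'::regclass);` would have caught the missing `ENABLE ROW LEVEL SECURITY` on this table. The same assertion belongs in the event_recommendation verify, whose deploy does nothing except enable RLS, and in the user_interest verify, together with a check that the expected policies exist.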
@@ -2,6 +2,12 @@ BEGIN; --- XXX Add verifications here. +DO $$ +BEGIN + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.user_interest', 'SELECT')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.user_interest', 'INSERT')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.user_interest', 'DELETE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.user_interest', 'UPDATE')); +END $$; ROLLBACK; From 3183da01587f4b83e646a5158cb8fba42f44a7ff Mon Sep 17 00:00:00 2001 From: myyxl <22593897+myyxl@users.noreply.github.com> Date: Mon, 29 Jan 2024 18:58:49 +0100 Subject: [PATCH 006/105] feat(schema): fix small errors and build schema --- schema/schema.definition.sql | 76 ++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 42f965e8..28058662 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
@@ -3201,6 +3201,35 @@ CREATE POLICY contact_update ON maevsi.contact FOR UPDATE USING ((((NULLIF(curre ALTER TABLE maevsi.event ENABLE ROW LEVEL SECURITY; +-- +-- Name: event_category_mapping event_category_mapping_delete; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY event_category_mapping_delete ON maevsi.event_category_mapping FOR DELETE USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (event_id = ( SELECT event.id + FROM maevsi.event + WHERE (event.author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))))); + + +-- +-- Name: event_category_mapping event_category_mapping_insert; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY event_category_mapping_insert ON maevsi.event_category_mapping FOR INSERT WITH CHECK ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (event_id = ( SELECT event.id + FROM maevsi.event + WHERE (event.author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))))); + + +-- +-- Name: event_category_mapping event_category_mapping_select; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR SELECT USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND ((event_id = ( SELECT event.id + FROM maevsi.event + WHERE (event.author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))) OR (( SELECT event.visibility + FROM maevsi.event + WHERE (event.id = event_category_mapping.event_id)) = 'public'::maevsi.event_visibility)))); + + -- -- Name: event_group; Type: ROW SECURITY; Schema: maevsi; Owner: postgres -- 
@@ -3220,6 +3249,12 @@ ALTER TABLE maevsi.event_grouping ENABLE ROW LEVEL SECURITY; CREATE POLICY event_insert ON maevsi.event FOR INSERT WITH CHECK ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); +-- +-- Name: event_recommendation; Type: ROW SECURITY; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE maevsi.event_recommendation ENABLE ROW LEVEL SECURITY; + -- -- Name: event event_select; Type: POLICY; Schema: maevsi; Owner: postgres -- 
@@ -3336,6 +3371,33 @@ CREATE POLICY upload_select_using ON maevsi.upload FOR SELECT USING (((( SELECT CREATE POLICY upload_update_using ON maevsi.upload FOR UPDATE USING ((( SELECT CURRENT_USER AS "current_user") = 'maevsi_tusd'::name)); +-- +-- Name: user_interest; Type: ROW SECURITY; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE maevsi.user_interest ENABLE ROW LEVEL SECURITY; + +-- +-- Name: user_interest user_interest_delete; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY user_interest_delete ON maevsi.user_interest FOR DELETE USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (user_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); + + +-- +-- Name: user_interest user_interest_insert; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY user_interest_insert ON maevsi.user_interest FOR INSERT WITH CHECK ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (user_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); + + +-- +-- Name: user_interest user_interest_select; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY user_interest_select ON maevsi.user_interest FOR SELECT USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (user_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); + + -- -- Name: SCHEMA maevsi; Type: ACL; Schema: -; Owner: postgres -- 
@@ -3866,6 +3928,13 @@ GRANT SELECT,INSERT,DELETE,UPDATE ON TABLE maevsi.contact TO maevsi_account; GRANT SELECT ON TABLE maevsi.contact TO maevsi_anonymous; +-- +-- Name: TABLE event_category_mapping; Type: ACL; Schema: maevsi; Owner: postgres +-- + +GRANT SELECT,INSERT,DELETE ON TABLE maevsi.event_category_mapping TO maevsi_account; + + -- -- Name: TABLE event_group; Type: ACL; Schema: maevsi; Owner: postgres -- @@ -3899,6 +3968,13 @@ GRANT SELECT ON TABLE maevsi.profile_picture TO maevsi_anonymous; GRANT SELECT,DELETE ON TABLE maevsi.profile_picture TO maevsi_tusd; +-- +-- Name: TABLE user_interest; Type: ACL; Schema: maevsi; Owner: postgres +-- + +GRANT SELECT,INSERT,DELETE ON TABLE maevsi.user_interest TO maevsi_account; + + -- -- Name: DEFAULT PRIVILEGES FOR FUNCTIONS; Type: DEFAULT ACL; Schema: -; Owner: postgres -- From d554d0fe33d903da55a1b14ff9b35772ebad867b Mon Sep 17 00:00:00 2001 From: myyxl <22593897+myyxl@users.noreply.github.com> Date: Mon, 29 Jan 2024 19:08:06 +0100 Subject: [PATCH 007/105] fix(build): commit forgotten files --- src/deploy/table_event_category_mapping_policy.sql | 4 ++-- src/revert/table_user_interest_policy.sql | 6 +++--- src/verify/table_event_category_mapping_policy.sql | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/deploy/table_event_category_mapping_policy.sql b/src/deploy/table_event_category_mapping_policy.sql index 5f41208c..d14850e8 100644 --- a/src/deploy/table_event_category_mapping_policy.sql +++ b/src/deploy/table_event_category_mapping_policy.sql 
@@ -10,12 +10,12 @@ CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR AND ( event_id = (SELECT id FROM maevsi.event WHERE author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID) OR - visibility = 'public' + (SELECT visibility FROM maevsi.event WHERE id = event_id) = 'public' ) ); -- Only allow inserts for events authored by user. -CREATE POLICY event_category_mapping_insert ON maevsi.event_category_mapping FOR INSERT CHECK ( +CREATE POLICY event_category_mapping_insert ON maevsi.event_category_mapping FOR INSERT WITH CHECK ( NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL AND event_id = (SELECT id FROM maevsi.event WHERE author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID) diff --git a/src/revert/table_user_interest_policy.sql b/src/revert/table_user_interest_policy.sql index 508ece1e..5d10c1f4 100644 --- a/src/revert/table_user_interest_policy.sql +++ b/src/revert/table_user_interest_policy.sql @@ -2,8 +2,8 @@ BEGIN; -DROP POLICY user_interest_select ON maevsi.user_interest_select; -DROP POLICY user_interest_insert ON maevsi.user_interest_select; -DROP POLICY user_interest_delete ON maevsi.user_interest_select; +DROP POLICY user_interest_select ON maevsi.user_interest; +DROP POLICY user_interest_insert ON maevsi.user_interest; +DROP POLICY user_interest_delete ON maevsi.user_interest; COMMIT; diff --git a/src/verify/table_event_category_mapping_policy.sql b/src/verify/table_event_category_mapping_policy.sql index 7327828c..764a1c78 100644 --- a/src/verify/table_event_category_mapping_policy.sql +++ b/src/verify/table_event_category_mapping_policy.sql 
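Review bot: In the replaced `visibility` line, the subquery `(SELECT visibility FROM maevsi.event WHERE id = event_id)` refers to `event_id` without a qualifier, so it binds to the mapping row only as long as `maevsi.event` has no column of that name. If one is ever added, the predicate would silently compare two columns of `maevsi.event` and the access decision would change without any error. Writing `WHERE event.id = event_category_mapping.event_id`, as the generated schema dump already prints it, removes that dependency. The author checks introduced by the next commit's hunks in this file (`@@ -8,7 +8,7 @@` and `@@ -18,14 +18,14 @@`) use the same unqualified form. The policy statements start before and end after this hunk.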
@@ -6,8 +6,8 @@ DO $$ BEGIN ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category_mapping', 'SELECT')); ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category_mapping', 'INSERT')); - ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category_mapping', 'UPDATE')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category_mapping', 'DELETE')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category_mapping', 'DELETE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category_mapping', 'UPDATE')); END $$; ROLLBACK; From 3dfd96ab1949933b6326e1762ee6461ff39eda60 Mon Sep 17 00:00:00 2001 From: myyxl <22593897+myyxl@users.noreply.github.com> Date: Mon, 29 Jan 2024 19:19:55 +0100 Subject: [PATCH 008/105] fix(policy): fix user check in event category mapping policy --- schema/schema.definition.sql | 12 ++++++------ src/deploy/table_event_category_mapping_policy.sql | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 28058662..84212c79 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
@@ -3205,27 +3205,27 @@ ALTER TABLE maevsi.event ENABLE ROW LEVEL SECURITY; -- Name: event_category_mapping event_category_mapping_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_category_mapping_delete ON maevsi.event_category_mapping FOR DELETE USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (event_id = ( SELECT event.id +CREATE POLICY event_category_mapping_delete ON maevsi.event_category_mapping FOR DELETE USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (( SELECT event.author_account_id FROM maevsi.event - WHERE (event.author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))))); + WHERE (event.id = event_category_mapping.event_id)) = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); -- -- Name: event_category_mapping event_category_mapping_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_category_mapping_insert ON maevsi.event_category_mapping FOR INSERT WITH CHECK ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (event_id = ( SELECT event.id +CREATE POLICY event_category_mapping_insert ON maevsi.event_category_mapping FOR INSERT WITH CHECK ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (( SELECT event.author_account_id FROM maevsi.event - WHERE (event.author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))))); + WHERE (event.id = event_category_mapping.event_id)) = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); -- -- Name: event_category_mapping event_category_mapping_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR SELECT USING 
((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND ((event_id = ( SELECT event.id +CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR SELECT USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND ((( SELECT event.author_account_id FROM maevsi.event - WHERE (event.author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))) OR (( SELECT event.visibility + WHERE (event.id = event_category_mapping.event_id)) = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid) OR (( SELECT event.visibility FROM maevsi.event WHERE (event.id = event_category_mapping.event_id)) = 'public'::maevsi.event_visibility)))); diff --git a/src/deploy/table_event_category_mapping_policy.sql b/src/deploy/table_event_category_mapping_policy.sql index d14850e8..d0c76b4f 100644 --- a/src/deploy/table_event_category_mapping_policy.sql +++ b/src/deploy/table_event_category_mapping_policy.sql @@ -8,7 +8,7 @@ GRANT SELECT, INSERT, DELETE ON TABLE maevsi.event_category_mapping TO maevsi_ac CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR SELECT USING ( NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL AND ( - event_id = (SELECT id FROM maevsi.event WHERE author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID) + (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID OR (SELECT visibility FROM maevsi.event WHERE id = event_id) = 'public' ) 
@@ -18,14 +18,14 @@ CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR CREATE POLICY event_category_mapping_insert ON maevsi.event_category_mapping FOR INSERT WITH CHECK ( NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL AND - event_id = (SELECT id FROM maevsi.event WHERE author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID) + (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID ); -- Only allow deletes for events authored by user. CREATE POLICY event_category_mapping_delete ON maevsi.event_category_mapping FOR DELETE USING ( NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL AND - event_id = (SELECT id FROM maevsi.event WHERE author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID) + (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID ); COMMIT; From 4ba7dac31bb06937cf01829db9e58d98e9a9c723 Mon Sep 17 00:00:00 2001 From: myyxl <22593897+myyxl@users.noreply.github.com> Date: Thu, 1 Feb 2024 21:28:29 +0100 Subject: [PATCH 009/105] feat(event-category-mapping): check if invited --- schema/schema.definition.sql | 2 +- src/deploy/table_event_category_mapping_policy.sql | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 84212c79..493eab81 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
@@ -3227,7 +3227,7 @@ CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR FROM maevsi.event WHERE (event.id = event_category_mapping.event_id)) = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid) OR (( SELECT event.visibility FROM maevsi.event - WHERE (event.id = event_category_mapping.event_id)) = 'public'::maevsi.event_visibility)))); + WHERE (event.id = event_category_mapping.event_id)) = 'public'::maevsi.event_visibility) OR (event_id IN ( SELECT maevsi_private.events_invited() AS events_invited))))); -- diff --git a/src/deploy/table_event_category_mapping_policy.sql b/src/deploy/table_event_category_mapping_policy.sql index d0c76b4f..9f9fce81 100644 --- a/src/deploy/table_event_category_mapping_policy.sql +++ b/src/deploy/table_event_category_mapping_policy.sql @@ -11,6 +11,8 @@ CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID OR (SELECT visibility FROM maevsi.event WHERE id = event_id) = 'public' + OR + event_id IN (SELECT maevsi_private.events_invited()) ) ); From aaa682f5faa249db92ebdf9a1007e25076f3e435 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Sun, 13 Oct 2024 02:06:44 +0200 Subject: [PATCH 010/105] docs: create code of conduct --- CODE_OF_CONDUCT.md | 128 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 128 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..c506ef3b --- /dev/null +++ b/CODE_OF_CONDUCT.md 
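Review bot: The added `event_id IN (SELECT maevsi_private.events_invited())` branch in the deploy hunk (`@@ -11,6 +11,8 @@`) makes the SELECT policy depend on a function in another schema, and the hunk neither documents nor checks that dependency. Whether `maevsi_account` can call it from inside a policy depends on the function's definition and grants, which are not visible here; if it cannot, queries on the table can fail with a permission error rather than just skipping this branch. I would extend the comment above the policy to say that invited accounts may also read the mapping, and add a `-- requires:` line for the change that deploys `events_invited` if the script header does not already have one. The header and the start of the policy statement are outside the hunk.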
@@ -0,0 +1,128 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, religion, or sexual identity +and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the + overall community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or + advances of any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email + address, without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. 
+ +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +contact+code-of-conduct@maev.si. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series +of actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. 
This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or +permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within +the community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.0, available at +https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. + +Community Impact Guidelines were inspired by [Mozilla's code of conduct +enforcement ladder](https://github.com/mozilla/diversity). + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see the FAQ at +https://www.contributor-covenant.org/faq. Translations are available at +https://www.contributor-covenant.org/translations. From 13d4d4fb5e426c6a4a55f96a7edc9fb3cef12a50 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Sun, 13 Oct 2024 02:12:15 +0200 Subject: [PATCH 011/105] docs: add contribution guide --- CONTRIBUTING.md | 97 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 CONTRIBUTING.md 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..d20a12d2 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,97 @@ +# Contributing to Our Project + +First off, thank you for considering contributing to our project! 🎉 We’re excited to have you on board and appreciate the effort you're putting into making our project better. Whether you’re a seasoned developer or a newbie, we believe every contribution counts, and this guide will help you get started. + +## Getting Started + +We putting continuous effort into making the contribution process as simple as possible. Please follow the steps below, and if you ever get stuck, don’t hesitate to ask questions—we're here to help! + +### 1. Fork and Clone the Repository + +Start by forking the repository to your GitHub account, and then clone it to your local machine using [Git](https://git-scm.com/): + +``` +git clone https://github.com/maevsi/sqitch.git +cd maevsi/sqitch +``` + +### 2. Install Dependencies + +After cloning the repository, make sure you install all the required dependencies using [pnpm](https://pnpm.io/): + +``` +pnpm install +``` + +### 3. Start the Schema Explorer + + + +Head over to [maevsi/maevsi](https://github.com/maevsi/maevsi) to see how to start the full project. Then, you should be able to access the GraphiQL interface at [https://postgraphile.localhost/graphiql](https://postgraphile.localhost/graphiql). This is where you can check that all intended queries and mutations are working as expected. + +Please make sure that the queries and mutations listed on the page align with the expected functionality of the project. + +### 4. Update Schema Artifacts + +Before submitting a pull request, it's important to update the schema artifacts to ensure consistency. We have a script to make this process easier. Run the following command: + +``` +schema/schema-update.sh +``` + +This script will regenerate the necessary schema files and update other artifacts as needed. Make sure to include these changes in your pull request. + +### 5. 
Follow Semantic Versioning + +We follow [Semantic Versioning](https://semver.org/) in this project. This means: + +- **Patch versions** (x.x.1) are for small fixes that don’t affect the API. +- **Minor versions** (x.1.x) are for backward-compatible functionality additions. +- **Major versions** (1.x.x) are for changes that break backward compatibility. + +When submitting changes, please ensure your updates and commit messages are aligned with this versioning strategy. + +## Contribution Workflow + +### 1. Branching + +Create a new branch for your work. This keeps your work isolated and makes it easier for others to review. + +``` +git checkout -b feature/new-feature +``` + +### 2. Commit Messages + +Write clear and concise commit messages that explain the reasoning behind your changes. For example: + +- `feat(event)!: remove start time` +- `feat(event): add ticketing` +- `fix(account): correct username length constraint` +- `docs: add contribution guide` + + +### 3. Pull Requests + +When you’re ready to submit your changes, push your branch and open a pull request. In your PR description: + +- **Explain the purpose of your changes**: What problem does this solve? Why is this needed? +- **Reference relevant issues**: Link to any GitHub issues this PR addresses. + +### 4. Code Reviews + +Once your pull request is submitted, someone from the team will review your changes. Be open to feedback! Code reviews are meant to ensure high-quality code and are part of the collaborative development process. + +## New to Open Source? + +No worries! We’re happy to guide you through the process. Check out [GitHub's Guide to Contributing](https://docs.github.com/en/get-started/quickstart/contributing-to-projects) to get started with open-source contributions. + +Feel free to open a draft pull request if you're unsure about anything or if you'd like some early feedback! + +## Code of Conduct + +We expect all contributors to adhere to our [Code of Conduct](CODE_OF_CONDUCT.md). 
Please read it before starting any contribution. We aim to foster a welcoming and inclusive community, and we appreciate your respect for fellow contributors. + +--- + +Thank you again for your interest in contributing! Let’s build something amazing together 🚀 From a953bc8c28cd177d97a02bf7d2d4d56ec1d72ebb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 30 Oct 2024 04:18:24 +0000 Subject: [PATCH 012/105] chore(deps): update dargmuesli/github-actions action to v2.3.4 --- .github/workflows/ci.yml | 6 +++--- .github/workflows/release-schedule.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4ab01cc8..1dc88656 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,7 +25,7 @@ jobs: release_semantic_dry: needs: prepare_jobs name: Release (semantic, dry) - uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.3 + uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.4 if: needs.prepare_jobs.outputs.pr_found == 'false' || github.event_name == 'pull_request' permissions: contents: write @@ -35,7 +35,7 @@ jobs: DRY_RUN: true build: name: Build - uses: dargmuesli/github-actions/.github/workflows/docker.yml@2.3.3 + uses: dargmuesli/github-actions/.github/workflows/docker.yml@2.3.4 needs: release_semantic_dry permissions: packages: write @@ -44,7 +44,7 @@ jobs: release_semantic: needs: build name: Release (semantic) - uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.3 + uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.4 permissions: contents: write secrets: diff --git a/.github/workflows/release-schedule.yml b/.github/workflows/release-schedule.yml index fcfc0c98..b0111d75 100644 --- a/.github/workflows/release-schedule.yml +++ b/.github/workflows/release-schedule.yml 
@@ -8,7 +8,7 @@ on: jobs: release-schedule: name: "Release: Scheduled" - uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2.3.3 + uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2.3.4 secrets: PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} with: From e3b389bb302b16a208a1dddedc35f1b909175af6 Mon Sep 17 00:00:00 2001 From: Sven Thelemann Date: Wed, 30 Oct 2024 10:59:21 +0100 Subject: [PATCH 013/105] feat(event): Add event sizes Enum type added for event sizes small, medium, large, huge. Function added to derive the event size for an event from its maximum number of invitations. --- schema/schema.definition.sql | 64 ++++++++++++++++++++++++++++++ src/deploy/enum_event_size.sql | 15 +++++++ src/deploy/function_event_size.sql | 33 +++++++++++++++ src/revert/enum_event_size.sql | 7 ++++ src/revert/function_event_size.sql | 7 ++++ src/sqitch.plan | 2 + src/verify/enum_event_size.sql | 10 +++++ src/verify/function_event_size.sql | 11 +++++ 8 files changed, 149 insertions(+) create mode 100644 src/deploy/enum_event_size.sql create mode 100644 src/deploy/function_event_size.sql create mode 100644 src/revert/enum_event_size.sql create mode 100644 src/revert/function_event_size.sql create mode 100644 src/verify/enum_event_size.sql create mode 100644 src/verify/function_event_size.sql diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index d35a250c..1c0ad42e 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
@@ -95,6 +95,27 @@ ALTER TYPE maevsi.achievement_type OWNER TO postgres; COMMENT ON TYPE maevsi.achievement_type IS 'Achievements that can be unlocked by users.'; +-- +-- Name: event_size; Type: TYPE; Schema: maevsi; Owner: postgres +-- + +CREATE TYPE maevsi.event_size AS ENUM ( + 'small', + 'medium', + 'large', + 'huge' +); + + +ALTER TYPE maevsi.event_size OWNER TO postgres; + +-- +-- Name: TYPE event_size; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON TYPE maevsi.event_size IS 'Possible event sizes: small, medium, large, huge.'; + + -- -- Name: jwt; Type: TYPE; Schema: maevsi; Owner: postgres -- @@ -886,6 +907,40 @@ ALTER FUNCTION maevsi.event_is_existing(author_account_id uuid, slug text) OWNER COMMENT ON FUNCTION maevsi.event_is_existing(author_account_id uuid, slug text) IS 'Shows if an event exists.'; +-- +-- Name: event_size(uuid); Type: FUNCTION; Schema: maevsi; Owner: postgres +-- + +CREATE FUNCTION maevsi.event_size(p_id uuid) RETURNS maevsi.event_size + LANGUAGE plpgsql STABLE STRICT SECURITY DEFINER + AS $$ +DECLARE + _size maevsi.event_size := NULL; +BEGIN + SELECT + CASE + WHEN invitee_count_maximum <= 9 THEN 'small'::maevsi.event_size + WHEN invitee_count_maximum <= 49 THEN 'medium'::maevsi.event_size + WHEN invitee_count_maximum <= 999 THEN 'large'::maevsi.event_size + ELSE 'huge'::maevsi.event_size + END INTO _size + FROM maevsi.event + WHERE id = p_id; + + RETURN _size; +END +$$; + + +ALTER FUNCTION maevsi.event_size(p_id uuid) OWNER TO postgres; + +-- +-- Name: FUNCTION event_size(p_id uuid); Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON FUNCTION maevsi.event_size(p_id uuid) IS 'For a given event id the function returns the corresponding event size, or null if the event id does not exist.'; + + -- -- Name: event_unlock(uuid); Type: FUNCTION; Schema: maevsi; Owner: postgres -- 
@@ -3987,6 +4042,15 @@ GRANT ALL ON FUNCTION maevsi.event_is_existing(author_account_id uuid, slug text GRANT ALL ON FUNCTION maevsi.event_is_existing(author_account_id uuid, slug text) TO maevsi_anonymous; +-- +-- Name: FUNCTION event_size(p_id uuid); Type: ACL; Schema: maevsi; Owner: postgres +-- + +REVOKE ALL ON FUNCTION maevsi.event_size(p_id uuid) FROM PUBLIC; +GRANT ALL ON FUNCTION maevsi.event_size(p_id uuid) TO maevsi_account; +GRANT ALL ON FUNCTION maevsi.event_size(p_id uuid) TO maevsi_anonymous; + + -- -- Name: FUNCTION event_unlock(invitation_id uuid); Type: ACL; Schema: maevsi; Owner: postgres -- diff --git a/src/deploy/enum_event_size.sql b/src/deploy/enum_event_size.sql new file mode 100644 index 00000000..1bb77aac --- /dev/null +++ b/src/deploy/enum_event_size.sql @@ -0,0 +1,15 @@ +-- Deploy maevsi:enum_event_size to pg +-- requires: schema_public + +BEGIN; + +CREATE TYPE maevsi.event_size AS ENUM ( + 'small', + 'medium', + 'large', + 'huge' +); + +COMMENT ON TYPE maevsi.event_size IS 'Possible event sizes: small, medium, large, huge.'; + +COMMIT; diff --git a/src/deploy/function_event_size.sql b/src/deploy/function_event_size.sql new file mode 100644 index 00000000..9e542e72 --- /dev/null +++ b/src/deploy/function_event_size.sql 
@@ -0,0 +1,33 @@ +-- Deploy maevsi:function_event_size to pg +-- requires: privilege_execute_revoke +-- requires: schema_public +-- requires: table_event +-- requires: role_account +-- requires: role_anonymous + +BEGIN; + +CREATE FUNCTION maevsi.event_size(p_id UUID) +RETURNS maevsi.event_size AS $$ +DECLARE + _size maevsi.event_size := NULL; +BEGIN + SELECT + CASE + WHEN invitee_count_maximum <= 9 THEN 'small'::maevsi.event_size + WHEN invitee_count_maximum <= 49 THEN 'medium'::maevsi.event_size + WHEN invitee_count_maximum <= 999 THEN 'large'::maevsi.event_size + ELSE 'huge'::maevsi.event_size + END INTO _size + FROM maevsi.event + WHERE id = p_id; + + RETURN _size; +END +$$ LANGUAGE PLPGSQL STRICT STABLE SECURITY DEFINER; + +COMMENT ON FUNCTION maevsi.event_size(UUID) IS 'For a given event id the function returns the corresponding event size, or null if the event id does not exist.'; + +GRANT EXECUTE ON FUNCTION maevsi.event_size(UUID) TO maevsi_account, maevsi_anonymous; + +COMMIT; diff --git a/src/revert/enum_event_size.sql b/src/revert/enum_event_size.sql new file mode 100644 index 00000000..52fda255 --- /dev/null +++ b/src/revert/enum_event_size.sql @@ -0,0 +1,7 @@ +-- Revert maevsi:enum_event_size from pg + +BEGIN; + +DROP TYPE maevsi.event_size; + +COMMIT; diff --git a/src/revert/function_event_size.sql b/src/revert/function_event_size.sql new file mode 100644 index 00000000..632c0d4c --- /dev/null +++ b/src/revert/function_event_size.sql @@ -0,0 +1,7 @@ +-- Revert maevsi:function_event_size from pg + +BEGIN; + +DROP FUNCTION maevsi.event_size; + +COMMIT; diff --git a/src/sqitch.plan b/src/sqitch.plan index 4a6e4504..62de5c14 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan 
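Review bot: `maevsi.event_size` is declared `SECURITY DEFINER` and granted to both `maevsi_account` and `maevsi_anonymous`, so the lookup on `maevsi.event` runs as the function owner rather than the caller; the schema dump lists `postgres` as owner, for which the row level security on `maevsi.event` is not applied. Any caller that supplies an event id therefore gets the size bucket, and learns whether the id exists, regardless of the event's visibility policy. Unless that is intended, I would end the definition with `$$ LANGUAGE PLPGSQL STRICT STABLE SECURITY INVOKER;` so the caller's policies apply; if definer rights are really needed, add a visibility check in the query and pin the search path with a `SET search_path` clause on the function. Separately, a NULL `invitee_count_maximum` falls through to `ELSE` and is reported as `'huge'`, which is worth confirming.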
@@ -69,3 +69,5 @@ table_report [schema_public table_account_public table_event table_upload] 1970- table_report_policy [schema_public table_report role_account] 1970-01-01T00:00:00Z Marlon # Access policies for reports. table_legal_term [schema_public role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Legal terms like privacy policies or terms of service. table_legal_term_acceptance [schema_public table_account_public table_legal_term role_account] 1970-01-01T00:00:00Z Jonas Thelemann # Tracks each user account's acceptance of legal terms and conditions. +enum_event_size [schema_public table_account_public table_legal_term role_account] 1970-01-01T00:00:00Z Sven Thelemann # Possible event sizes: small, medium, large, huge. +function_event_size [schema_public table_account_public table_legal_term role_account] 1970-01-01T00:00:00Z Sven Thelemann # TFor a given event id the function returns the corresponding event size. diff --git a/src/verify/enum_event_size.sql b/src/verify/enum_event_size.sql new file mode 100644 index 00000000..aae61f8c --- /dev/null +++ b/src/verify/enum_event_size.sql @@ -0,0 +1,10 @@ +-- Verify maevsi:enum_event_size on pg + +BEGIN; + +DO $$ +BEGIN + ASSERT (SELECT pg_catalog.has_type_privilege('maevsi.event_size', 'USAGE')); +END $$; + +ROLLBACK; diff --git a/src/verify/function_event_size.sql b/src/verify/function_event_size.sql new file mode 100644 index 00000000..82c643d7 --- /dev/null +++ b/src/verify/function_event_size.sql @@ -0,0 +1,11 @@ +-- Verify maevsi:function_event_size on pg + +BEGIN; + +DO $$ +BEGIN + ASSERT (SELECT pg_catalog.has_function_privilege('maevsi_account', 'maevsi.event_size(UUID)', 'EXECUTE')); + ASSERT (SELECT pg_catalog.has_function_privilege('maevsi_anonymous', 'maevsi.event_size(UUID)', 'EXECUTE')); +END $$; + +ROLLBACK; From 5f47988bc0ebedf2caa3a38399adc4f4de6c5b38 Mon Sep 17 00:00:00 2001 
From: Sven Thelemann Date: Thu, 31 Oct 2024 19:53:39 +0100 Subject: [PATCH 014/105] feat(account): Add ability to store an account's preferred event sizes Table account_event_size_pref added. --- schema/schema.definition.sql | 83 +++++++++++++++++++ src/deploy/table_account_event_size_pref.sql | 19 +++++ .../table_account_event_size_pref_policy.sql | 24 ++++++ src/revert/table_account_event_size_pref.sql | 7 ++ .../table_account_event_size_pref_policy.sql | 9 ++ src/sqitch.plan | 6 +- src/verify/table_account_event_size_pref.sql | 9 ++ .../table_account_event_size_pref_policy.sql | 21 +++++ 8 files changed, 176 insertions(+), 2 deletions(-) create mode 100644 src/deploy/table_account_event_size_pref.sql create mode 100644 src/deploy/table_account_event_size_pref_policy.sql create mode 100644 src/revert/table_account_event_size_pref.sql create mode 100644 src/revert/table_account_event_size_pref_policy.sql create mode 100644 src/verify/table_account_event_size_pref.sql create mode 100644 src/verify/table_account_event_size_pref_policy.sql diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 1c0ad42e..db16df6f 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
@@ -1634,6 +1634,39 @@ COMMENT ON COLUMN maevsi.account.id IS 'The account''s internal id.'; COMMENT ON COLUMN maevsi.account.username IS 'The account''s username.'; +-- +-- Name: account_event_size_pref; Type: TABLE; Schema: maevsi; Owner: postgres +-- + +CREATE TABLE maevsi.account_event_size_pref ( + account_id uuid NOT NULL, + event_size maevsi.event_size NOT NULL +); + + +ALTER TABLE maevsi.account_event_size_pref OWNER TO postgres; + +-- +-- Name: TABLE account_event_size_pref; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON TABLE maevsi.account_event_size_pref IS 'Table for the user accounts'' preferred event sizes (M:N relationship).'; + + +-- +-- Name: COLUMN account_event_size_pref.account_id; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.account_event_size_pref.account_id IS 'The account''s internal id.'; + + +-- +-- Name: COLUMN account_event_size_pref.event_size; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.account_event_size_pref.event_size IS 'A preferred event sized'; + + -- -- Name: achievement; Type: TABLE; Schema: maevsi; Owner: postgres -- @@ -2932,6 +2965,14 @@ COMMENT ON COLUMN sqitch.tags.planner_name IS 'Name of the user who planed the t COMMENT ON COLUMN sqitch.tags.planner_email IS 'Email address of the user who planned the tag.'; +-- +-- Name: account_event_size_pref account_event_size_pref_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.account_event_size_pref + ADD CONSTRAINT account_event_size_pref_pkey PRIMARY KEY (account_id, event_size); + + -- -- Name: account account_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres -- 
@@ -3377,6 +3418,14 @@ CREATE TRIGGER maevsi_private_account_email_address_verification_valid_until BEF CREATE TRIGGER maevsi_private_account_password_reset_verification_valid_until BEFORE INSERT OR UPDATE OF password_reset_verification ON maevsi_private.account FOR EACH ROW EXECUTE FUNCTION maevsi_private.account_password_reset_verification_valid_until(); +-- +-- Name: account_event_size_pref account_event_size_pref_account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.account_event_size_pref + ADD CONSTRAINT account_event_size_pref_account_id_fkey FOREIGN KEY (account_id) REFERENCES maevsi.account(id); + + -- -- Name: account account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres -- 
@@ -3583,6 +3632,33 @@ ALTER TABLE ONLY sqitch.tags ALTER TABLE maevsi.account ENABLE ROW LEVEL SECURITY; +-- +-- Name: account_event_size_pref; Type: ROW SECURITY; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE maevsi.account_event_size_pref ENABLE ROW LEVEL SECURITY; + +-- +-- Name: account_event_size_pref account_event_size_pref_delete; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY account_event_size_pref_delete ON maevsi.account_event_size_pref FOR DELETE USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); + + +-- +-- Name: account_event_size_pref account_event_size_pref_insert; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY account_event_size_pref_insert ON maevsi.account_event_size_pref FOR INSERT WITH CHECK ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); + + +-- +-- Name: account_event_size_pref account_event_size_pref_select; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY account_event_size_pref_select ON maevsi.account_event_size_pref FOR SELECT USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); + + -- -- Name: account account_select; Type: POLICY; Schema: maevsi; Owner: postgres -- @@ -4385,6 +4461,13 @@ GRANT SELECT ON TABLE maevsi.account TO maevsi_account; GRANT SELECT ON TABLE maevsi.account TO maevsi_anonymous; +-- +-- Name: TABLE account_event_size_pref; Type: ACL; Schema: maevsi; Owner: postgres +-- + +GRANT SELECT,INSERT,DELETE ON TABLE maevsi.account_event_size_pref TO maevsi_account; + + -- -- Name: TABLE achievement; Type: ACL; Schema: maevsi; Owner: postgres -- diff --git a/src/deploy/table_account_event_size_pref.sql b/src/deploy/table_account_event_size_pref.sql new file mode 100644 index 00000000..f5421802 --- /dev/null +++ b/src/deploy/table_account_event_size_pref.sql 
@@ -0,0 +1,19 @@
+-- Deploy maevsi:table_account_private to pg
+-- requires: schema_public
+-- requires: table_account_public
+-- requires: enum_event_size
+
+BEGIN;
+
+CREATE TABLE maevsi.account_event_size_pref (
+ account_id UUID REFERENCES maevsi.account(id),
+ event_size maevsi.event_size,
+
+ PRIMARY KEY (account_id, event_size)
+);
+
+COMMENT ON TABLE maevsi.account_event_size_pref IS 'Table for the user accounts'' preferred event sizes (M:N relationship).';
+COMMENT ON COLUMN maevsi.account_event_size_pref.account_id IS 'The account''s internal id.';
+COMMENT ON COLUMN maevsi.account_event_size_pref.event_size IS 'A preferred event sized';
+
+END;
diff --git a/src/deploy/table_account_event_size_pref_policy.sql b/src/deploy/table_account_event_size_pref_policy.sql
new file mode 100644
index 00000000..e6da31b6
--- /dev/null
+++ b/src/deploy/table_account_event_size_pref_policy.sql
@@ -0,0 +1,24 @@
+-- Deploy maevsi:table_account_event_size_pref_policy to pg
+
+BEGIN;
+
+GRANT SELECT, INSERT, DELETE ON TABLE maevsi.account_event_size_pref TO maevsi_account;
+
+ALTER TABLE maevsi.account_event_size_pref ENABLE ROW LEVEL SECURITY;
+
+-- Only allow selects by the current account.
+CREATE POLICY account_event_size_pref_select ON maevsi.account_event_size_pref FOR SELECT USING (
+ account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID
+);
+
+-- Only allow inserts by the current account.
+CREATE POLICY account_event_size_pref_insert ON maevsi.account_event_size_pref FOR INSERT WITH CHECK (
+ account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID
+);
+
+-- Only allow deletes by the current account.
+CREATE POLICY account_event_size_pref_delete ON maevsi.account_event_size_pref FOR DELETE USING (
+ account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID
+);
+
+COMMIT;
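Review bot: In src/deploy/table_account_event_size_pref.sql the foreign key `account_id UUID REFERENCES maevsi.account(id)` has no `ON DELETE` action, so removing an account that has stored preferences is rejected by the constraint and the preference rows cannot be cleaned up together with the account. The account-linked tables added earlier in this series use `ON DELETE CASCADE`; the same here would be `account_id UUID REFERENCES maevsi.account(id) ON DELETE CASCADE,`. The transaction is also closed with `END;` where the sibling scripts use `COMMIT;`, which works in PostgreSQL but is inconsistent.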
diff --git a/src/revert/table_account_event_size_pref.sql b/src/revert/table_account_event_size_pref.sql
new file mode 100644
index 00000000..663c32e5
--- /dev/null
+++ b/src/revert/table_account_event_size_pref.sql
@@ -0,0 +1,7 @@
+-- Revert maevsi:table_maevsi.account_event_size_pref from pg
+
+BEGIN;
+
+DROP TABLE maevsi.account_event_size_pref;
+
+COMMIT;
diff --git a/src/revert/table_account_event_size_pref_policy.sql b/src/revert/table_account_event_size_pref_policy.sql
new file mode 100644
index 00000000..cc89acfd
--- /dev/null
+++ b/src/revert/table_account_event_size_pref_policy.sql
@@ -0,0 +1,9 @@
+-- Revert maevsi:table_maevsi.account_event_size_pref_policy from pg
+
+BEGIN;
+
+DROP POLICY account_event_size_pref_select ON maevsi.account_event_size_pref;
+DROP POLICY account_event_size_pref_insert ON maevsi.account_event_size_pref;
+DROP POLICY account_event_size_pref_delete ON maevsi.account_event_size_pref;
+
+COMMIT;
diff --git a/src/sqitch.plan b/src/sqitch.plan
index 62de5c14..541aed28 100644
--- a/src/sqitch.plan
+++ b/src/sqitch.plan
@@ -69,5 +69,7 @@ table_report [schema_public table_account_public table_event table_upload] 1970- table_report_policy [schema_public table_report role_account] 1970-01-01T00:00:00Z Marlon # Access policies for reports. table_legal_term [schema_public role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Legal terms like privacy policies or terms of service. table_legal_term_acceptance [schema_public table_account_public table_legal_term role_account] 1970-01-01T00:00:00Z Jonas Thelemann # Tracks each user account's acceptance of legal terms and conditions. -enum_event_size [schema_public table_account_public table_legal_term role_account] 1970-01-01T00:00:00Z Sven Thelemann # Possible event sizes: small, medium, large, huge. -function_event_size [schema_public table_account_public table_legal_term role_account] 1970-01-01T00:00:00Z Sven Thelemann # TFor a given event id the function returns the corresponding event size. +enum_event_size [schema_public] 1970-01-01T00:00:00Z Sven Thelemann # Possible event sizes: small, medium, large, huge. +function_event_size [schema_public table_event enum_event_size role_account role_anonymous] 1970-01-01T00:00:00Z Sven Thelemann # For a given event id the function returns the corresponding event size. +table_account_event_size_pref [schema_public table_account_public enum_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Table for the user accounts' preferred event sizes (M:N relationship). +table_account_event_size_pref_policy [schema_public table_account_event_size_pref role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. diff --git a/src/verify/table_account_event_size_pref.sql b/src/verify/table_account_event_size_pref.sql new file mode 100644 index 00000000..61f4ac2e --- /dev/null +++ b/src/verify/table_account_event_size_pref.sql 
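Review bot: The corrected `function_event_size` entry in src/sqitch.plan still disagrees with the deploy script: the script header declares `-- requires: privilege_execute_revoke`, which the bracketed list omits, while the script header itself lacks `enum_event_size`. The function's grants only restrict access if EXECUTE is not left with PUBLIC, which that change presumably arranges, so the plan should record the dependency by adding `privilege_execute_revoke` to the list. The deploy script for `table_account_event_size_pref_policy` likewise carries no `-- requires:` lines to match its plan entry.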
@@ -0,0 +1,9 @@
+-- Verify maevsi:table_account_event_size_pref on pg
+
+BEGIN;
+
+SELECT account_id,
+ event_size
+FROM maevsi.account_event_size_pref WHERE FALSE;
+
+ROLLBACK;
diff --git a/src/verify/table_account_event_size_pref_policy.sql b/src/verify/table_account_event_size_pref_policy.sql
new file mode 100644
index 00000000..0874546c
--- /dev/null
+++ b/src/verify/table_account_event_size_pref_policy.sql
@@ -0,0 +1,21 @@
+-- Verify maevsi:table_account_event_size_pref_policy on pg
+
+BEGIN;
+
+DO $$
+BEGIN
+ ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_event_size_pref', 'SELECT'));
+ ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_event_size_pref', 'INSERT'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_event_size_pref', 'UPDATE'));
+ ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_event_size_pref', 'DELETE'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_event_size_pref', 'SELECT'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_event_size_pref', 'INSERT'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_event_size_pref', 'UPDATE'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_event_size_pref', 'DELETE'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_event_size_pref', 'SELECT'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_event_size_pref', 'INSERT'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_event_size_pref', 'UPDATE'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_event_size_pref', 'DELETE'));
+END $$;
+
+ROLLBACK;
From 920f15b5804af7e111755dc753c108378eb51ba1 Mon Sep 17 00:00:00 2001
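Review bot: src/verify/table_account_event_size_pref_policy.sql asserts only table-level privileges, so it still passes when row-level security is switched off or a policy is missing, and in that state `maevsi_account` could read and delete other accounts' preference rows. Add a check on the table itself, e.g. `ASSERT (SELECT relrowsecurity FROM pg_catalog.pg_class WHERE oid = 'maevsi.account_event_size_pref'::regclass);`, and assert that the three policies created by the deploy script are present in `pg_catalog.pg_policies`.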
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 00:08:09 +0000 Subject: [PATCH 015/105] chore(deps): lock file maintenance --- pnpm-lock.yaml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 438c95b0..ef35285c 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -10,7 +10,7 @@ importers: devDependencies: '@commitlint/cli': specifier: 19.5.0 - version: 19.5.0(@types/node@22.8.1)(typescript@5.6.3) + version: 19.5.0(@types/node@22.8.7)(typescript@5.6.3) '@commitlint/config-conventional': specifier: 19.5.0 version: 19.5.0 @@ -23,8 +23,8 @@ importers: packages: - '@babel/code-frame@7.26.0': - resolution: {integrity: sha512-INCKxTtbXtcNbUZ3YXutwMpEleqttcswhAdee7dhuoVrD2cnuc3PqtERBtxkX5nziX9vnBL8WXmSGwv8CuPV6g==} + '@babel/code-frame@7.26.2': + resolution: {integrity: sha512-RJlIHRueQgwWitWgF8OdFYGZX328Ax5BCemNGlqHfplnRT9ESi8JkFlvaVYbS+UubVY6dpv87Fs2u5M29iNFVQ==} engines: {node: '>=6.9.0'} '@babel/helper-validator-identifier@7.25.9': @@ -103,8 +103,8 @@ packages: '@types/conventional-commits-parser@5.0.0': resolution: {integrity: sha512-loB369iXNmAZglwWATL+WRe+CRMmmBPtpolYzIebFaX4YA3x+BEfLqhUAV9WanycKI3TG1IMr5bMJDajDKLlUQ==} - '@types/node@22.8.1': - resolution: {integrity: sha512-k6Gi8Yyo8EtrNtkHXutUu2corfDf9su95VYVP10aGYMMROM6SAItZi0w1XszA6RtWTHSVp5OeFof37w0IEqCQg==} + '@types/node@22.8.7': + resolution: {integrity: sha512-LidcG+2UeYIWcMuMUpBKOnryBWG/rnmOHQR5apjn8myTQcx3rinFRn7DcIFhMnS0PPFSC6OafdIKEad0lj6U0Q==} JSONStream@1.3.5: resolution: {integrity: sha512-E+iruNOY8VV9s4JEbe1aNEm6MiszPRr/UfcHMz0TQh1BXSxHK+ASV1R6W4HpjBhSeS+54PIsAMCBmwD06LLsqQ==} @@ -421,7 +421,7 @@ packages: snapshots: - '@babel/code-frame@7.26.0': + '@babel/code-frame@7.26.2': dependencies: '@babel/helper-validator-identifier': 7.25.9 js-tokens: 4.0.0 
@@ -429,11 +429,11 @@ snapshots: '@babel/helper-validator-identifier@7.25.9': {} - '@commitlint/cli@19.5.0(@types/node@22.8.1)(typescript@5.6.3)': + '@commitlint/cli@19.5.0(@types/node@22.8.7)(typescript@5.6.3)': dependencies: '@commitlint/format': 19.5.0 '@commitlint/lint': 19.5.0 - '@commitlint/load': 19.5.0(@types/node@22.8.1)(typescript@5.6.3) + '@commitlint/load': 19.5.0(@types/node@22.8.7)(typescript@5.6.3) '@commitlint/read': 19.5.0 '@commitlint/types': 19.5.0 tinyexec: 0.3.1 @@ -480,7 +480,7 @@ snapshots: '@commitlint/rules': 19.5.0 '@commitlint/types': 19.5.0 - '@commitlint/load@19.5.0(@types/node@22.8.1)(typescript@5.6.3)': + '@commitlint/load@19.5.0(@types/node@22.8.7)(typescript@5.6.3)': dependencies: '@commitlint/config-validator': 19.5.0 '@commitlint/execute-rule': 19.5.0 @@ -488,7 +488,7 @@ snapshots: '@commitlint/types': 19.5.0 chalk: 5.3.0 cosmiconfig: 9.0.0(typescript@5.6.3) - cosmiconfig-typescript-loader: 5.1.0(@types/node@22.8.1)(cosmiconfig@9.0.0(typescript@5.6.3))(typescript@5.6.3) + cosmiconfig-typescript-loader: 5.1.0(@types/node@22.8.7)(cosmiconfig@9.0.0(typescript@5.6.3))(typescript@5.6.3) lodash.isplainobject: 4.0.6 lodash.merge: 4.6.2 lodash.uniq: 4.5.0 @@ -541,9 +541,9 @@ snapshots: '@types/conventional-commits-parser@5.0.0': dependencies: - '@types/node': 22.8.1 + '@types/node': 22.8.7 - '@types/node@22.8.1': + '@types/node@22.8.7': dependencies: undici-types: 6.19.8 @@ -609,9 +609,9 @@ snapshots: meow: 12.1.1 split2: 4.2.0 - cosmiconfig-typescript-loader@5.1.0(@types/node@22.8.1)(cosmiconfig@9.0.0(typescript@5.6.3))(typescript@5.6.3): + cosmiconfig-typescript-loader@5.1.0(@types/node@22.8.7)(cosmiconfig@9.0.0(typescript@5.6.3))(typescript@5.6.3): dependencies: - '@types/node': 22.8.1 + '@types/node': 22.8.7 cosmiconfig: 9.0.0(typescript@5.6.3) jiti: 1.21.6 typescript: 5.6.3 
@@ -740,7 +740,7 @@ snapshots: parse-json@5.2.0: dependencies: - '@babel/code-frame': 7.26.0 + '@babel/code-frame': 7.26.2 error-ex: 1.3.2 json-parse-even-better-errors: 2.3.1 lines-and-columns: 1.2.4 From e3f228366bed0c0dfd5bba04559f1bce6ad33ea1 Mon Sep 17 00:00:00 2001 From: Sven Thelemann Date: Tue, 5 Nov 2024 22:38:20 +0100 Subject: [PATCH 016/105] chore(naming): table name changed Table name account_event_size_pref changed into account_preference_event_size. --- schema/schema.definition.sql | 62 +++++++++---------- src/deploy/table_account_event_size_pref.sql | 10 +-- .../table_account_event_size_pref_policy.sql | 12 ++-- src/revert/table_account_event_size_pref.sql | 4 +- .../table_account_event_size_pref_policy.sql | 8 +-- src/verify/table_account_event_size_pref.sql | 4 +- .../table_account_event_size_pref_policy.sql | 26 ++++---- 7 files changed, 63 insertions(+), 63 deletions(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index db16df6f..48522126 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
@@ -1635,36 +1635,36 @@ COMMENT ON COLUMN maevsi.account.username IS 'The account''s username.'; -- --- Name: account_event_size_pref; Type: TABLE; Schema: maevsi; Owner: postgres +-- Name: account_preference_event_size; Type: TABLE; Schema: maevsi; Owner: postgres -- -CREATE TABLE maevsi.account_event_size_pref ( +CREATE TABLE maevsi.account_preference_event_size ( account_id uuid NOT NULL, event_size maevsi.event_size NOT NULL ); -ALTER TABLE maevsi.account_event_size_pref OWNER TO postgres; +ALTER TABLE maevsi.account_preference_event_size OWNER TO postgres; -- --- Name: TABLE account_event_size_pref; Type: COMMENT; Schema: maevsi; Owner: postgres +-- Name: TABLE account_preference_event_size; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON TABLE maevsi.account_event_size_pref IS 'Table for the user accounts'' preferred event sizes (M:N relationship).'; +COMMENT ON TABLE maevsi.account_preference_event_size IS 'Table for the user accounts'' preferred event sizes (M:N relationship).'; -- --- Name: COLUMN account_event_size_pref.account_id; Type: COMMENT; Schema: maevsi; Owner: postgres +-- Name: COLUMN account_preference_event_size.account_id; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.account_event_size_pref.account_id IS 'The account''s internal id.'; +COMMENT ON COLUMN maevsi.account_preference_event_size.account_id IS 'The account''s internal id.'; -- --- Name: COLUMN account_event_size_pref.event_size; Type: COMMENT; Schema: maevsi; Owner: postgres +-- Name: COLUMN account_preference_event_size.event_size; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.account_event_size_pref.event_size IS 'A preferred event sized'; +COMMENT ON COLUMN maevsi.account_preference_event_size.event_size IS 'A preferred event sized'; -- 
@@ -2966,19 +2966,19 @@ COMMENT ON COLUMN sqitch.tags.planner_email IS 'Email address of the user who pl -- --- Name: account_event_size_pref account_event_size_pref_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- Name: account account_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres -- -ALTER TABLE ONLY maevsi.account_event_size_pref - ADD CONSTRAINT account_event_size_pref_pkey PRIMARY KEY (account_id, event_size); +ALTER TABLE ONLY maevsi.account + ADD CONSTRAINT account_pkey PRIMARY KEY (id); -- --- Name: account account_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- Name: account_preference_event_size account_preference_event_size_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres -- -ALTER TABLE ONLY maevsi.account - ADD CONSTRAINT account_pkey PRIMARY KEY (id); +ALTER TABLE ONLY maevsi.account_preference_event_size + ADD CONSTRAINT account_preference_event_size_pkey PRIMARY KEY (account_id, event_size); -- 
@@ -3419,19 +3419,19 @@ CREATE TRIGGER maevsi_private_account_password_reset_verification_valid_until BE -- --- Name: account_event_size_pref account_event_size_pref_account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- Name: account account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres -- -ALTER TABLE ONLY maevsi.account_event_size_pref - ADD CONSTRAINT account_event_size_pref_account_id_fkey FOREIGN KEY (account_id) REFERENCES maevsi.account(id); +ALTER TABLE ONLY maevsi.account + ADD CONSTRAINT account_id_fkey FOREIGN KEY (id) REFERENCES maevsi_private.account(id) ON DELETE CASCADE; -- --- Name: account account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- Name: account_preference_event_size account_preference_event_size_account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres -- -ALTER TABLE ONLY maevsi.account - ADD CONSTRAINT account_id_fkey FOREIGN KEY (id) REFERENCES maevsi_private.account(id) ON DELETE CASCADE; +ALTER TABLE ONLY maevsi.account_preference_event_size + ADD CONSTRAINT account_preference_event_size_account_id_fkey FOREIGN KEY (account_id) REFERENCES maevsi.account(id); -- 
@@ -3633,30 +3633,30 @@ ALTER TABLE ONLY sqitch.tags ALTER TABLE maevsi.account ENABLE ROW LEVEL SECURITY; -- --- Name: account_event_size_pref; Type: ROW SECURITY; Schema: maevsi; Owner: postgres +-- Name: account_preference_event_size; Type: ROW SECURITY; Schema: maevsi; Owner: postgres -- -ALTER TABLE maevsi.account_event_size_pref ENABLE ROW LEVEL SECURITY; +ALTER TABLE maevsi.account_preference_event_size ENABLE ROW LEVEL SECURITY; -- --- Name: account_event_size_pref account_event_size_pref_delete; Type: POLICY; Schema: maevsi; Owner: postgres +-- Name: account_preference_event_size account_preference_event_size_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_event_size_pref_delete ON maevsi.account_event_size_pref FOR DELETE USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); +CREATE POLICY account_preference_event_size_delete ON maevsi.account_preference_event_size FOR DELETE USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); -- --- Name: account_event_size_pref account_event_size_pref_insert; Type: POLICY; Schema: maevsi; Owner: postgres +-- Name: account_preference_event_size account_preference_event_size_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_event_size_pref_insert ON maevsi.account_event_size_pref FOR INSERT WITH CHECK ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); +CREATE POLICY account_preference_event_size_insert ON maevsi.account_preference_event_size FOR INSERT WITH CHECK ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); -- --- Name: account_event_size_pref account_event_size_pref_select; Type: POLICY; Schema: maevsi; Owner: postgres +-- Name: account_preference_event_size account_preference_event_size_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY 
account_event_size_pref_select ON maevsi.account_event_size_pref FOR SELECT USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); +CREATE POLICY account_preference_event_size_select ON maevsi.account_preference_event_size FOR SELECT USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); -- @@ -4462,10 +4462,10 @@ GRANT SELECT ON TABLE maevsi.account TO maevsi_anonymous; -- --- Name: TABLE account_event_size_pref; Type: ACL; Schema: maevsi; Owner: postgres +-- Name: TABLE account_preference_event_size; Type: ACL; Schema: maevsi; Owner: postgres -- -GRANT SELECT,INSERT,DELETE ON TABLE maevsi.account_event_size_pref TO maevsi_account; +GRANT SELECT,INSERT,DELETE ON TABLE maevsi.account_preference_event_size TO maevsi_account; -- diff --git a/src/deploy/table_account_event_size_pref.sql b/src/deploy/table_account_event_size_pref.sql index f5421802..abecd735 100644 --- a/src/deploy/table_account_event_size_pref.sql +++ b/src/deploy/table_account_event_size_pref.sql 
@@ -1,19 +1,19 @@ --- Deploy maevsi:table_account_private to pg +-- Deploy maevsi:table_account_preference_event_size to pg -- requires: schema_public -- requires: table_account_public -- requires: enum_event_size BEGIN; -CREATE TABLE maevsi.account_event_size_pref ( +CREATE TABLE maevsi.account_preference_event_size ( account_id UUID REFERENCES maevsi.account(id), event_size maevsi.event_size, PRIMARY KEY (account_id, event_size) ); -COMMENT ON TABLE maevsi.account_event_size_pref IS 'Table for the user accounts'' preferred event sizes (M:N relationship).'; -COMMENT ON COLUMN maevsi.account_event_size_pref.account_id IS 'The account''s internal id.'; -COMMENT ON COLUMN maevsi.account_event_size_pref.event_size IS 'A preferred event sized'; +COMMENT ON TABLE maevsi.account_preference_event_size IS 'Table for the user accounts'' preferred event sizes (M:N relationship).'; +COMMENT ON COLUMN maevsi.account_preference_event_size.account_id IS 'The account''s internal id.'; +COMMENT ON COLUMN maevsi.account_preference_event_size.event_size IS 'A preferred event sized'; END; diff --git a/src/deploy/table_account_event_size_pref_policy.sql b/src/deploy/table_account_event_size_pref_policy.sql index e6da31b6..2f06b1dd 100644 --- a/src/deploy/table_account_event_size_pref_policy.sql +++ b/src/deploy/table_account_event_size_pref_policy.sql 
@@ -1,23 +1,23 @@ --- Deploy maevsi:table_account_event_size_pref_policy to pg +-- Deploy maevsi:table_account_preference_event_size_policy to pg BEGIN; -GRANT SELECT, INSERT, DELETE ON TABLE maevsi.account_event_size_pref TO maevsi_account; +GRANT SELECT, INSERT, DELETE ON TABLE maevsi.account_preference_event_size TO maevsi_account; -ALTER TABLE maevsi.account_event_size_pref ENABLE ROW LEVEL SECURITY; +ALTER TABLE maevsi.account_preference_event_size ENABLE ROW LEVEL SECURITY; -- Only allow selects by the current account. -CREATE POLICY account_event_size_pref_select ON maevsi.account_event_size_pref FOR SELECT USING ( +CREATE POLICY account_preference_event_size_select ON maevsi.account_preference_event_size FOR SELECT USING ( account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID ); -- Only allow inserts by the current account. -CREATE POLICY account_event_size_pref_insert ON maevsi.account_event_size_pref FOR INSERT WITH CHECK ( +CREATE POLICY account_preference_event_size_insert ON maevsi.account_preference_event_size FOR INSERT WITH CHECK ( account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID ); -- Only allow deletes by the current account. -CREATE POLICY account_event_size_pref_delete ON maevsi.account_event_size_pref FOR DELETE USING ( +CREATE POLICY account_preference_event_size_delete ON maevsi.account_preference_event_size FOR DELETE USING ( account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID ); diff --git a/src/revert/table_account_event_size_pref.sql b/src/revert/table_account_event_size_pref.sql index 663c32e5..03497f54 100644 --- a/src/revert/table_account_event_size_pref.sql +++ b/src/revert/table_account_event_size_pref.sql 
@@ -1,7 +1,7 @@ --- Revert maevsi:table_maevsi.account_event_size_pref from pg +-- Revert maevsi:table_maevsi.account_preference_event_size from pg BEGIN; -DROP TABLE maevsi.account_event_size_pref; +DROP TABLE maevsi.account_preference_event_size; COMMIT; diff --git a/src/revert/table_account_event_size_pref_policy.sql b/src/revert/table_account_event_size_pref_policy.sql index cc89acfd..75d1a279 100644 --- a/src/revert/table_account_event_size_pref_policy.sql +++ b/src/revert/table_account_event_size_pref_policy.sql @@ -1,9 +1,9 @@ --- Revert maevsi:table_maevsi.account_event_size_pref_policy from pg +-- Revert maevsi:table_maevsi.account_preference_event_size_policy from pg BEGIN; -DROP POLICY account_event_size_pref_select ON maevsi.account_event_size_pref; -DROP POLICY account_event_size_pref_insert ON maevsi.account_event_size_pref; -DROP POLICY account_event_size_pref_delete ON maevsi.account_event_size_pref; +DROP POLICY account_preference_event_size_select ON maevsi.account_preference_event_size; +DROP POLICY account_preference_event_size_insert ON maevsi.account_preference_event_size; +DROP POLICY account_preference_event_size_delete ON maevsi.account_preference_event_size; COMMIT; diff --git a/src/verify/table_account_event_size_pref.sql b/src/verify/table_account_event_size_pref.sql index 61f4ac2e..55553a50 100644 --- a/src/verify/table_account_event_size_pref.sql +++ b/src/verify/table_account_event_size_pref.sql @@ -1,9 +1,9 @@ --- Verify maevsi:table_account_event_size_pref on pg +-- Verify maevsi:table_account_preference_event_size on pg BEGIN; SELECT account_id, event_size -FROM maevsi.account_event_size_pref WHERE FALSE; +FROM maevsi.account_preference_event_size WHERE FALSE; ROLLBACK; diff --git a/src/verify/table_account_event_size_pref_policy.sql b/src/verify/table_account_event_size_pref_policy.sql index 0874546c..3de84ac7 100644 --- a/src/verify/table_account_event_size_pref_policy.sql +++ b/src/verify/table_account_event_size_pref_policy.sql 
@@ -1,21 +1,21 @@ --- Verify maevsi:table_account_event_size_pref_policy on pg +-- Verify maevsi:table_account_preference_event_size_policy on pg BEGIN; DO $$ BEGIN - ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_event_size_pref', 'SELECT')); - ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_event_size_pref', 'INSERT')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_event_size_pref', 'UPDATE')); - ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_event_size_pref', 'DELETE')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_event_size_pref', 'SELECT')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_event_size_pref', 'INSERT')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_event_size_pref', 'UPDATE')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_event_size_pref', 'DELETE')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_event_size_pref', 'SELECT')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_event_size_pref', 'INSERT')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_event_size_pref', 'UPDATE')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_event_size_pref', 'DELETE')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_preference_event_size', 'SELECT')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_preference_event_size', 'INSERT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_preference_event_size', 'UPDATE')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 
'maevsi.account_preference_event_size', 'DELETE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_preference_event_size', 'SELECT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_preference_event_size', 'INSERT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_preference_event_size', 'UPDATE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_preference_event_size', 'DELETE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_preference_event_size', 'SELECT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_preference_event_size', 'INSERT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_preference_event_size', 'UPDATE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_preference_event_size', 'DELETE')); END $$; ROLLBACK; From 08c7f4d044bbaeb4a5960f66d7273c56774de3ec Mon Sep 17 00:00:00 2001 
From: Sven Thelemann Date: Tue, 5 Nov 2024 22:45:51 +0100 Subject: [PATCH 017/105] chore(naming): files names changed File names changed to be in accordance with latest table name change. --- ..._size_pref.sql => table_account_preference_event_size.sql} | 0 ...icy.sql => table_account_preference_event_size_policy.sql} | 0 ..._size_pref.sql => table_account_preference_event_size.sql} | 0 ...icy.sql => table_account_preference_event_size_policy.sql} | 0 src/sqitch.plan | 4 ++-- ..._size_pref.sql => table_account_preference_event_size.sql} | 0 ...icy.sql => table_account_preference_event_size_policy.sql} | 0 7 files changed, 2 insertions(+), 2 deletions(-) rename src/deploy/{table_account_event_size_pref.sql => table_account_preference_event_size.sql} (100%) rename src/deploy/{table_account_event_size_pref_policy.sql => table_account_preference_event_size_policy.sql} (100%) rename src/revert/{table_account_event_size_pref.sql => table_account_preference_event_size.sql} (100%) rename src/revert/{table_account_event_size_pref_policy.sql => table_account_preference_event_size_policy.sql} (100%) rename src/verify/{table_account_event_size_pref.sql => table_account_preference_event_size.sql} (100%) rename src/verify/{table_account_event_size_pref_policy.sql => table_account_preference_event_size_policy.sql} (100%) diff --git a/src/deploy/table_account_event_size_pref.sql b/src/deploy/table_account_preference_event_size.sql similarity index 100% rename from src/deploy/table_account_event_size_pref.sql rename to src/deploy/table_account_preference_event_size.sql diff --git a/src/deploy/table_account_event_size_pref_policy.sql b/src/deploy/table_account_preference_event_size_policy.sql similarity index 100% rename from src/deploy/table_account_event_size_pref_policy.sql rename to src/deploy/table_account_preference_event_size_policy.sql 
diff --git a/src/revert/table_account_event_size_pref.sql b/src/revert/table_account_preference_event_size.sql similarity index 100% rename from src/revert/table_account_event_size_pref.sql rename to src/revert/table_account_preference_event_size.sql diff --git a/src/revert/table_account_event_size_pref_policy.sql b/src/revert/table_account_preference_event_size_policy.sql similarity index 100% rename from src/revert/table_account_event_size_pref_policy.sql rename to src/revert/table_account_preference_event_size_policy.sql diff --git a/src/sqitch.plan b/src/sqitch.plan index 541aed28..17483e5f 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan 
@@ -71,5 +71,5 @@ table_legal_term [schema_public role_account role_anonymous] 1970-01-01T00:00:00 table_legal_term_acceptance [schema_public table_account_public table_legal_term role_account] 1970-01-01T00:00:00Z Jonas Thelemann # Tracks each user account's acceptance of legal terms and conditions. enum_event_size [schema_public] 1970-01-01T00:00:00Z Sven Thelemann # Possible event sizes: small, medium, large, huge. function_event_size [schema_public table_event enum_event_size role_account role_anonymous] 1970-01-01T00:00:00Z Sven Thelemann # For a given event id the function returns the corresponding event size. -table_account_event_size_pref [schema_public table_account_public enum_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Table for the user accounts' preferred event sizes (M:N relationship). -table_account_event_size_pref_policy [schema_public table_account_event_size_pref role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. +table_account_preference_event_size [schema_public table_account_public enum_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Table for the user accounts' preferred event sizes (M:N relationship). +table_account_preference_event_size_policy [schema_public table_account_preference_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. diff --git a/src/verify/table_account_event_size_pref.sql b/src/verify/table_account_preference_event_size.sql similarity index 100% rename from src/verify/table_account_event_size_pref.sql rename to src/verify/table_account_preference_event_size.sql diff --git a/src/verify/table_account_event_size_pref_policy.sql b/src/verify/table_account_preference_event_size_policy.sql similarity index 100% rename from src/verify/table_account_event_size_pref_policy.sql rename to src/verify/table_account_preference_event_size_policy.sql 
From 8581ad091bea58ff33fab8a31e1c9e8fd2f2c430 Mon Sep 17 00:00:00 2001 From: Sven Thelemann Date: Wed, 6 Nov 2024 00:27:14 +0100 Subject: [PATCH 018/105] feat(recommendation): several modifications to db schema Enum type event_category replaced by table of the same name. Policies modified. Table and column comments added. --- schema/schema-update.sh | 8 +- schema/schema.definition.sql | 308 ++++++++++++------ src/deploy/enum_event_category.sql | 24 -- src/deploy/table_event_category.sql | 30 ++ src/deploy/table_event_category_mapping.sql | 15 +- .../table_event_category_mapping_policy.sql | 14 +- src/deploy/table_event_recommendation.sql | 15 +- .../table_event_recommendation_policy.sql | 11 + src/deploy/table_user_interest.sql | 17 +- src/deploy/table_user_interest_policy.sql | 30 +- src/revert/enum_event_category.sql | 7 - src/revert/table_event_category.sql | 7 + src/revert/table_user_interest.sql | 4 +- src/revert/table_user_interest_policy.sql | 8 +- src/sqitch.plan | 14 +- src/verify/enum_event_category.sql | 10 - src/verify/table_event_category.sql | 8 + src/verify/table_event_recommendation.sql | 2 +- .../table_event_recommendation_policy.sql | 9 +- src/verify/table_user_interest.sql | 6 +- src/verify/table_user_interest_policy.sql | 10 +- 21 files changed, 356 insertions(+), 201 deletions(-) delete mode 100644 src/deploy/enum_event_category.sql create mode 100644 src/deploy/table_event_category.sql delete mode 100644 src/revert/enum_event_category.sql create mode 100644 src/revert/table_event_category.sql delete mode 100644 src/verify/enum_event_category.sql create mode 100644 src/verify/table_event_category.sql diff --git a/schema/schema-update.sh b/schema/schema-update.sh index 331de73b..8425572a 100755 --- a/schema/schema-update.sh +++ b/schema/schema-update.sh 
@@ -3,8 +3,8 @@ THIS=$(dirname "$(readlink -f "$0")") image=maevsi/sqitch -docker build -t "$image:build" --target build "$THIS/.." # --no-cache --progress plain +sudo docker build -t "$image:build" --target build "$THIS/.." # --no-cache --progress plain -container_id="$(docker create $image:build)" -docker cp "$container_id:/srv/app/schema.sql" "$THIS/schema.definition.sql" -docker rm -v "$container_id" +container_id="$(sudo docker create $image:build)" +sudo docker cp "$container_id:/srv/app/schema.sql" "$THIS/schema.definition.sql" +sudo docker rm -v "$container_id" diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 493eab81..55803206 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -76,32 +76,6 @@ CREATE EXTENSION IF NOT EXISTS pgcrypto WITH SCHEMA maevsi; COMMENT ON EXTENSION pgcrypto IS 'Provides password hashing functions.'; --- --- Name: event_category; Type: TYPE; Schema: maevsi; Owner: postgres --- - -CREATE TYPE maevsi.event_category AS ENUM ( - 'bar', - 'charities', - 'culture', - 'fashion', - 'festival', - 'film', - 'food_and_drinks', - 'kids_and_family', - 'lectures_and_books', - 'music', - 'networking', - 'nightlife', - 'performing_arts', - 'seminars', - 'sports_and_active_life', - 'visual_arts' -); - - -ALTER TYPE maevsi.event_category OWNER TO postgres; - -- -- Name: jwt; Type: TYPE; Schema: maevsi; Owner: postgres -- 
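Review bot: The `sudo` prefix added to all four `docker` calls looks like a local workaround and hard-codes root into a shared developer script. Under `sudo` the `docker cp` client runs as root, so `schema.definition.sql` will probably end up root-owned in the working tree, and the script stalls on a password prompt wherever no TTY is available. Keep plain `docker` and let the caller choose the command, e.g. `DOCKER="${DOCKER:-docker}"` near the top and `"$DOCKER" build …` below. While touching these lines, quote the image name as well: `"$DOCKER" create "$image:build"`.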
@@ -1549,6 +1523,39 @@ COMMENT ON COLUMN maevsi.account.id IS 'The account''s internal id.'; COMMENT ON COLUMN maevsi.account.username IS 'The account''s username.'; +-- +-- Name: account_interest; Type: TABLE; Schema: maevsi; Owner: postgres +-- + +CREATE TABLE maevsi.account_interest ( + account_id uuid NOT NULL, + category text NOT NULL +); + + +ALTER TABLE maevsi.account_interest OWNER TO postgres; + +-- +-- Name: TABLE account_interest; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON TABLE maevsi.account_interest IS 'Event categories a user account is interested in (M:N relationship).'; + + +-- +-- Name: COLUMN account_interest.account_id; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.account_interest.account_id IS 'A user account id.'; + + +-- +-- Name: COLUMN account_interest.category; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.account_interest.category IS 'An event category.'; + + -- -- Name: contact; Type: TABLE; Schema: maevsi; Owner: postgres -- 
@@ -1654,18 +1661,64 @@ COMMENT ON COLUMN maevsi.contact.phone_number IS 'The contact''s international p COMMENT ON COLUMN maevsi.contact.url IS 'The contact''s website url.'; +-- +-- Name: event_category; Type: TABLE; Schema: maevsi; Owner: postgres +-- + +CREATE TABLE maevsi.event_category ( + category text NOT NULL +); + + +ALTER TABLE maevsi.event_category OWNER TO postgres; + +-- +-- Name: TABLE event_category; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON TABLE maevsi.event_category IS 'Event categories.'; + + +-- +-- Name: COLUMN event_category.category; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event_category.category IS 'A category name.'; + + -- -- Name: event_category_mapping; Type: TABLE; Schema: maevsi; Owner: postgres -- CREATE TABLE maevsi.event_category_mapping ( event_id uuid NOT NULL, - category maevsi.event_category NOT NULL + category text NOT NULL ); ALTER TABLE maevsi.event_category_mapping OWNER TO postgres; +-- +-- Name: TABLE event_category_mapping; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON TABLE maevsi.event_category_mapping IS 'Mepping events to categories (M:N relationship).'; + + +-- +-- Name: COLUMN event_category_mapping.event_id; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event_category_mapping.event_id IS 'An event id.'; + + +-- +-- Name: COLUMN event_category_mapping.category; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event_category_mapping.category IS 'A category name.'; + + -- -- Name: event_group; Type: TABLE; Schema: maevsi; Owner: postgres -- @@ -1783,7 +1836,7 @@ COMMENT ON COLUMN maevsi.event_grouping.event_id IS 'The event grouping''s inter -- CREATE TABLE maevsi.event_recommendation ( - user_id uuid NOT NULL, + account_id uuid NOT NULL, event_id uuid NOT NULL, score real, predicted_score real 
@@ -1792,6 +1845,41 @@ CREATE TABLE maevsi.event_recommendation ( ALTER TABLE maevsi.event_recommendation OWNER TO postgres; +-- +-- Name: TABLE event_recommendation; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON TABLE maevsi.event_recommendation IS 'Events recommended to a user account (M:N relationship).'; + + +-- +-- Name: COLUMN event_recommendation.account_id; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event_recommendation.account_id IS 'A user account id.'; + + +-- +-- Name: COLUMN event_recommendation.event_id; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event_recommendation.event_id IS 'The predicted score of the recommendation.'; + + +-- +-- Name: COLUMN event_recommendation.score; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event_recommendation.score IS 'An event id.'; + + +-- +-- Name: COLUMN event_recommendation.predicted_score; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event_recommendation.predicted_score IS 'The score of the recommendation.'; + + -- -- Name: invitation; Type: TABLE; Schema: maevsi; Owner: postgres -- @@ -1892,18 +1980,6 @@ COMMENT ON COLUMN maevsi.profile_picture.account_id IS 'The account''s id.'; COMMENT ON COLUMN maevsi.profile_picture.upload_id IS 'The upload''s id.'; --- --- Name: user_interest; Type: TABLE; Schema: maevsi; Owner: postgres --- - -CREATE TABLE maevsi.user_interest ( - user_id uuid NOT NULL, - category maevsi.event_category NOT NULL -); - - -ALTER TABLE maevsi.user_interest OWNER TO postgres; - -- -- Name: account; Type: TABLE; Schema: maevsi_private; Owner: postgres -- 
@@ -2589,6 +2665,14 @@ COMMENT ON COLUMN sqitch.tags.planner_name IS 'Name of the user who planed the t COMMENT ON COLUMN sqitch.tags.planner_email IS 'Email address of the user who planned the tag.'; +-- +-- Name: account_interest account_interest_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.account_interest + ADD CONSTRAINT account_interest_pkey PRIMARY KEY (account_id, category); + + -- -- Name: account account_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres -- @@ -2637,6 +2721,14 @@ ALTER TABLE ONLY maevsi.event_category_mapping ADD CONSTRAINT event_category_mapping_pkey PRIMARY KEY (event_id, category); +-- +-- Name: event_category event_category_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_category + ADD CONSTRAINT event_category_pkey PRIMARY KEY (category); + + -- -- Name: event_group event_group_author_account_id_slug_key; Type: CONSTRAINT; Schema: maevsi; Owner: postgres -- @@ -2682,7 +2774,7 @@ ALTER TABLE ONLY maevsi.event -- ALTER TABLE ONLY maevsi.event_recommendation - ADD CONSTRAINT event_recommendation_pkey PRIMARY KEY (user_id, event_id); + ADD CONSTRAINT event_recommendation_pkey PRIMARY KEY (account_id, event_id); -- @@ -2733,14 +2825,6 @@ ALTER TABLE ONLY maevsi.upload ADD CONSTRAINT upload_storage_key_key UNIQUE (storage_key); --- --- Name: user_interest user_interest_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres --- - -ALTER TABLE ONLY maevsi.user_interest - ADD CONSTRAINT user_interest_pkey PRIMARY KEY (user_id, category); - - -- -- Name: account account_email_address_key; Type: CONSTRAINT; Schema: maevsi_private; Owner: postgres -- 
@@ -2980,6 +3064,22 @@ ALTER TABLE ONLY maevsi.account ADD CONSTRAINT account_id_fkey FOREIGN KEY (id) REFERENCES maevsi_private.account(id) ON DELETE CASCADE; +-- +-- Name: account_interest account_interest_account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.account_interest + ADD CONSTRAINT account_interest_account_id_fkey FOREIGN KEY (account_id) REFERENCES maevsi.account(id) ON DELETE CASCADE; + + +-- +-- Name: account_interest account_interest_category_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.account_interest + ADD CONSTRAINT account_interest_category_fkey FOREIGN KEY (category) REFERENCES maevsi.event_category(category) ON DELETE CASCADE; + + -- -- Name: contact contact_account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres -- @@ -3004,6 +3104,14 @@ ALTER TABLE ONLY maevsi.event ADD CONSTRAINT event_author_account_id_fkey FOREIGN KEY (author_account_id) REFERENCES maevsi.account(id); +-- +-- Name: event_category_mapping event_category_mapping_category_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_category_mapping + ADD CONSTRAINT event_category_mapping_category_fkey FOREIGN KEY (category) REFERENCES maevsi.event_category(category) ON DELETE CASCADE; + + -- -- Name: event_category_mapping event_category_mapping_event_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres -- 
@@ -3037,19 +3145,19 @@ ALTER TABLE ONLY maevsi.event_grouping -- --- Name: event_recommendation event_recommendation_event_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- Name: event_recommendation event_recommendation_account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres -- ALTER TABLE ONLY maevsi.event_recommendation - ADD CONSTRAINT event_recommendation_event_id_fkey FOREIGN KEY (event_id) REFERENCES maevsi.event(id) ON DELETE CASCADE; + ADD CONSTRAINT event_recommendation_account_id_fkey FOREIGN KEY (account_id) REFERENCES maevsi.account(id) ON DELETE CASCADE; -- --- Name: event_recommendation event_recommendation_user_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- Name: event_recommendation event_recommendation_event_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres -- ALTER TABLE ONLY maevsi.event_recommendation - ADD CONSTRAINT event_recommendation_user_id_fkey FOREIGN KEY (user_id) REFERENCES maevsi.account(id) ON DELETE CASCADE; + ADD CONSTRAINT event_recommendation_event_id_fkey FOREIGN KEY (event_id) REFERENCES maevsi.event(id) ON DELETE CASCADE; -- @@ -3092,14 +3200,6 @@ ALTER TABLE ONLY maevsi.upload ADD CONSTRAINT upload_account_id_fkey FOREIGN KEY (account_id) REFERENCES maevsi.account(id); --- --- Name: user_interest user_interest_user_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres --- - -ALTER TABLE ONLY maevsi.user_interest - ADD CONSTRAINT user_interest_user_id_fkey FOREIGN KEY (user_id) REFERENCES maevsi.account(id) ON DELETE CASCADE; - - -- -- Name: changes changes_project_fkey; Type: FK CONSTRAINT; Schema: sqitch; Owner: postgres -- 
@@ -3154,6 +3254,33 @@ ALTER TABLE ONLY sqitch.tags ALTER TABLE maevsi.account ENABLE ROW LEVEL SECURITY; +-- +-- Name: account_interest; Type: ROW SECURITY; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE maevsi.account_interest ENABLE ROW LEVEL SECURITY; + +-- +-- Name: account_interest account_interest_delete; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY account_interest_delete ON maevsi.account_interest FOR DELETE USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); + + +-- +-- Name: account_interest account_interest_insert; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY account_interest_insert ON maevsi.account_interest FOR INSERT WITH CHECK ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); + + +-- +-- Name: account_interest account_interest_select; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY account_interest_select ON maevsi.account_interest FOR SELECT USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); + + -- -- Name: account account_select; Type: POLICY; Schema: maevsi; Owner: postgres -- 
@@ -3225,9 +3352,7 @@ CREATE POLICY event_category_mapping_insert ON maevsi.event_category_mapping FOR CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR SELECT USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND ((( SELECT event.author_account_id FROM maevsi.event - WHERE (event.id = event_category_mapping.event_id)) = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid) OR (( SELECT event.visibility - FROM maevsi.event - WHERE (event.id = event_category_mapping.event_id)) = 'public'::maevsi.event_visibility) OR (event_id IN ( SELECT maevsi_private.events_invited() AS events_invited))))); + WHERE (event.id = event_category_mapping.event_id)) = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid) OR (event_id IN ( SELECT maevsi_private.events_invited() AS events_invited))))); -- @@ -3255,6 +3380,13 @@ CREATE POLICY event_insert ON maevsi.event FOR INSERT WITH CHECK ((((NULLIF(curr ALTER TABLE maevsi.event_recommendation ENABLE ROW LEVEL SECURITY; +-- +-- Name: event_recommendation event_recommendation_select; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY event_recommendation_select ON maevsi.event_recommendation FOR SELECT USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); + + -- -- Name: event event_select; Type: POLICY; Schema: maevsi; Owner: postgres -- 
@@ -3371,33 +3503,6 @@ CREATE POLICY upload_select_using ON maevsi.upload FOR SELECT USING (((( SELECT CREATE POLICY upload_update_using ON maevsi.upload FOR UPDATE USING ((( SELECT CURRENT_USER AS "current_user") = 'maevsi_tusd'::name)); --- --- Name: user_interest; Type: ROW SECURITY; Schema: maevsi; Owner: postgres --- - -ALTER TABLE maevsi.user_interest ENABLE ROW LEVEL SECURITY; - --- --- Name: user_interest user_interest_delete; Type: POLICY; Schema: maevsi; Owner: postgres --- - -CREATE POLICY user_interest_delete ON maevsi.user_interest FOR DELETE USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (user_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); - - --- --- Name: user_interest user_interest_insert; Type: POLICY; Schema: maevsi; Owner: postgres --- - -CREATE POLICY user_interest_insert ON maevsi.user_interest FOR INSERT WITH CHECK ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (user_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); - - --- --- Name: user_interest user_interest_select; Type: POLICY; Schema: maevsi; Owner: postgres --- - -CREATE POLICY user_interest_select ON maevsi.user_interest FOR SELECT USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (user_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); - - -- -- Name: SCHEMA maevsi; Type: ACL; Schema: -; Owner: postgres -- @@ -3920,6 +4025,13 @@ GRANT SELECT ON TABLE maevsi.account TO maevsi_account; GRANT SELECT ON TABLE maevsi.account TO maevsi_anonymous; +-- +-- Name: TABLE account_interest; Type: ACL; Schema: maevsi; Owner: postgres +-- + +GRANT SELECT,INSERT,DELETE ON TABLE maevsi.account_interest TO maevsi_account; + + -- -- Name: TABLE contact; Type: ACL; Schema: maevsi; Owner: postgres -- 
@@ -3951,6 +4063,13 @@ GRANT SELECT,INSERT,DELETE,UPDATE ON TABLE maevsi.event_grouping TO maevsi_accou GRANT SELECT ON TABLE maevsi.event_grouping TO maevsi_anonymous; +-- +-- Name: TABLE event_recommendation; Type: ACL; Schema: maevsi; Owner: postgres +-- + +GRANT SELECT,INSERT,DELETE ON TABLE maevsi.event_recommendation TO maevsi_account; + + -- -- Name: TABLE invitation; Type: ACL; Schema: maevsi; Owner: postgres -- @@ -3968,13 +4087,6 @@ GRANT SELECT ON TABLE maevsi.profile_picture TO maevsi_anonymous; GRANT SELECT,DELETE ON TABLE maevsi.profile_picture TO maevsi_tusd; --- --- Name: TABLE user_interest; Type: ACL; Schema: maevsi; Owner: postgres --- - -GRANT SELECT,INSERT,DELETE ON TABLE maevsi.user_interest TO maevsi_account; - - -- -- Name: DEFAULT PRIVILEGES FOR FUNCTIONS; Type: DEFAULT ACL; Schema: -; Owner: postgres -- diff --git a/src/deploy/enum_event_category.sql b/src/deploy/enum_event_category.sql deleted file mode 100644 index c8374943..00000000 --- a/src/deploy/enum_event_category.sql +++ /dev/null @@ -1,24 +0,0 @@ --- Deploy maevsi:enum_event_category to pg - -BEGIN; - -CREATE TYPE maevsi.event_category AS ENUM ( - 'bar', - 'charities', - 'culture', - 'fashion', - 'festival', - 'film', - 'food_and_drinks', - 'kids_and_family', - 'lectures_and_books', - 'music', - 'networking', - 'nightlife', - 'performing_arts', - 'seminars', - 'sports_and_active_life', - 'visual_arts' -); - -COMMIT; diff --git a/src/deploy/table_event_category.sql b/src/deploy/table_event_category.sql new file mode 100644 index 00000000..85770c04 --- /dev/null +++ b/src/deploy/table_event_category.sql 
@@ -0,0 +1,30 @@ +-- Deploy maevsi:table_event_category to pg + +BEGIN; + +CREATE TABLE maevsi.event_category( + category TEXT PRIMARY KEY +); + +COMMENT ON TABLE maevsi.event_category IS 'Event categories.'; +COMMENT ON COLUMN maevsi.event_category.category IS 'A category name.'; + +INSERT INTO maevsi.event_category(category) +VALUES ('bar'), + ('charities'), + ('culture'), + ('fashion'), + ('festival'), + ('film'), + ('food_and_drinks'), + ('kids_and_family'), + ('lectures_and_books'), + ('music'), + ('networking'), + ('nightlife'), + ('performing_arts'), + ('seminars'), + ('sports_and_active_life'), + ('visual_arts'); + +END; diff --git a/src/deploy/table_event_category_mapping.sql b/src/deploy/table_event_category_mapping.sql index 5eb47b1f..c23b2ee4 100644 --- a/src/deploy/table_event_category_mapping.sql +++ b/src/deploy/table_event_category_mapping.sql @@ -1,11 +1,18 @@ -- Deploy maevsi:table_event_category_mapping to pg +-- requires: schema_public +-- requires: table_event +-- requires: table_event_category BEGIN; -CREATE TABLE maevsi.event_category_mapping ( - event_id uuid NOT NULL REFERENCES maevsi.event(id) ON DELETE CASCADE, - category maevsi.event_category NOT NULL, - PRIMARY KEY (event_id, category) +CREATE TABLE maevsi.event_category_mapping ( + event_id uuid NOT NULL REFERENCES maevsi.event(id) ON DELETE CASCADE, + category TEXT NOT NULL REFERENCES maevsi.event_category(category) ON DELETE CASCADE, + PRIMARY KEY (event_id, category) ); +COMMENT ON TABLE maevsi.event_category_mapping IS 'Mepping events to categories (M:N relationship).'; +COMMENT ON COLUMN maevsi.event_category_mapping.event_id IS 'An event id.'; +COMMENT ON COLUMN maevsi.event_category_mapping.category IS 'A category name.'; + COMMIT; diff --git a/src/deploy/table_event_category_mapping_policy.sql b/src/deploy/table_event_category_mapping_policy.sql index 9f9fce81..276c3d9e 100644 --- a/src/deploy/table_event_category_mapping_policy.sql 
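Review bot: This new deploy script closes its transaction with `END;` while the other deploy scripts in the series close with `COMMIT;`. PostgreSQL treats the two as synonyms, so this is only a consistency fix: `COMMIT;`. No `GRANT` on `maevsi.event_category` is visible in this commit's hunks. If client roles are meant to list the available categories, a `GRANT SELECT ON TABLE maevsi.event_category TO maevsi_account;` (and `maevsi_anonymous` if intended) belongs in this change or its own policy change.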
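Review bot: The table comment in `table_event_category_mapping.sql` is misspelled ('Mepping'), and the regenerated `schema/schema.definition.sql` in this commit carries the same text. Change it to `COMMENT ON TABLE maevsi.event_category_mapping IS 'Mapping events to categories (M:N relationship).';`. Separately, `ON DELETE CASCADE` on the new `category` foreign key means that deleting a row from `maevsi.event_category` silently removes every event's mapping to it. If that is intended, say so in a comment next to the column, e.g. `-- removing a category also removes all of its event mappings`.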
+++ b/src/deploy/table_event_category_mapping_policy.sql @@ -5,14 +5,24 @@ BEGIN; GRANT SELECT, INSERT, DELETE ON TABLE maevsi.event_category_mapping TO maevsi_account; -- Only allow selects for events authored by user, events that are public or that the user is invited to. +-- Exclude events created by a blocked user and invitated events where the invation comes form a blocked user. CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR SELECT USING ( NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL AND ( (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID +-- TODO: condition using table maevsi.account_block to be added later +/* OR (SELECT visibility FROM maevsi.event WHERE id = event_id) = 'public' - OR - event_id IN (SELECT maevsi_private.events_invited()) + AND event_id NOT IN ( + SELECT e.event_id + FROM maevsi.event e JOIN maevsi.account_block b ON e.account_id = b.blocked_account_id + WHERE b.account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + ) +*/ + OR + -- exclusion of invitations from a blocked account implemented in function events_invited + event_id IN (SELECT maevsi_private.events_invited()) ) ); diff --git a/src/deploy/table_event_recommendation.sql b/src/deploy/table_event_recommendation.sql index e4948126..559c0fd3 100644 --- a/src/deploy/table_event_recommendation.sql +++ b/src/deploy/table_event_recommendation.sql 
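Review bot: The comment above `event_category_mapping_select` still says public events are selectable, but the `visibility = 'public'` branch now sits inside the `/* … */` block, so the policy only admits the event's author and invited accounts. Make the comment match the policy, e.g. `-- Only allow selects for events authored by the user or that the user is invited to; public events stay excluded until maevsi.account_block exists.` The parked block also looks inconsistent with the live query: it reads `e.event_id` and `e.account_id`, whereas the policy above uses `id` and `author_account_id` on `maevsi.event`. When it is re-enabled, wrap it as `OR (visibility = 'public' AND NOT EXISTS (…))` so the `AND` binding is explicit and a NULL in the subquery cannot empty the result the way `NOT IN` would.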
@@ -1,13 +1,24 @@ -- Deploy maevsi:table_event_recommendation to pg +-- requires: schema_public +-- requires: table_account +-- requires: table_event BEGIN; CREATE TABLE maevsi.event_recommendation ( - user_id uuid NOT NULL REFERENCES maevsi.account(id) ON DELETE CASCADE, + account_id uuid NOT NULL REFERENCES maevsi.account(id) ON DELETE CASCADE, event_id uuid NOT NULL REFERENCES maevsi.event(id) ON DELETE CASCADE, score float(8), predicted_score float(8), - PRIMARY KEY (user_id, event_id) + + PRIMARY KEY (account_id, event_id) ); +COMMENT ON TABLE maevsi.event_recommendation IS 'Events recommended to a user account (M:N relationship).'; +COMMENT ON COLUMN maevsi.event_recommendation.account_id IS 'A user account id.'; +COMMENT ON COLUMN maevsi.event_recommendation.event_id IS 'An event id.'; +COMMENT ON COLUMN maevsi.event_recommendation.score IS 'An event id.'; +COMMENT ON COLUMN maevsi.event_recommendation.predicted_score IS 'The score of the recommendation.'; +COMMENT ON COLUMN maevsi.event_recommendation.event_id IS 'The predicted score of the recommendation.'; + COMMIT; diff --git a/src/deploy/table_event_recommendation_policy.sql b/src/deploy/table_event_recommendation_policy.sql index 78ce3eb5..a5e51b4e 100644 --- a/src/deploy/table_event_recommendation_policy.sql +++ b/src/deploy/table_event_recommendation_policy.sql @@ -2,6 +2,17 @@ BEGIN; +GRANT SELECT, INSERT, DELETE ON TABLE maevsi.event_recommendation TO maevsi_account; + ALTER TABLE maevsi.event_recommendation ENABLE ROW LEVEL SECURITY; +-- Only allow selects by the current user. +CREATE POLICY event_recommendation_select ON maevsi.event_recommendation FOR SELECT USING ( + NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + AND + account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID +); + +-- TODO: policies for background process updating the recommendations + COMMIT; 
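Review bot: The last three `COMMENT ON COLUMN` statements are shifted by one: `score` is documented as 'An event id.', `predicted_score` as 'The score of the recommendation.', and the final statement targets `event_id` a second time, overwriting its comment with 'The predicted score of the recommendation.'. The intended lines are presumably `COMMENT ON COLUMN maevsi.event_recommendation.score IS 'The score of the recommendation.';` and `COMMENT ON COLUMN maevsi.event_recommendation.predicted_score IS 'The predicted score of the recommendation.';`, with the duplicate `event_id` statement dropped. Separately, the header says `-- requires: table_account` while the src/sqitch.plan entry in this commit lists `table_account_private`; one of the two should be corrected.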
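Review bot: `GRANT SELECT, INSERT, DELETE ON TABLE maevsi.event_recommendation TO maevsi_account` gives the end-user role write privileges on a table that, per the TODO at the end of the hunk, is meant to be filled by a background process, while only a SELECT policy is created. With row level security enabled, the missing INSERT and DELETE policies deny those writes today, but the grant becomes effective as soon as a permissive write policy without a `TO` clause is added for the background process, which would let accounts alter their own recommendation rows. Prefer `GRANT SELECT ON TABLE maevsi.event_recommendation TO maevsi_account;` and scope the policy with `TO maevsi_account`. The asserts in src/verify/table_event_recommendation_policy.sql, which this commit flips to expect INSERT and DELETE, would need to follow.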
diff --git a/src/deploy/table_user_interest.sql b/src/deploy/table_user_interest.sql index 545a8928..d4402bae 100644 --- a/src/deploy/table_user_interest.sql +++ b/src/deploy/table_user_interest.sql @@ -1,12 +1,19 @@ --- Deploy maevsi:table_user_interest to pg +-- Deploy maevsi:table_account_interest to pg +-- requires: schema_public +-- requires: table_event +-- requires: table_event_category BEGIN; -CREATE TABLE maevsi.user_interest ( - user_id uuid NOT NULL REFERENCES maevsi.account(id) ON DELETE CASCADE, - category maevsi.event_category NOT NULL, - PRIMARY KEY (user_id, category) +CREATE TABLE maevsi.account_interest ( + account_id UUID NOT NULL REFERENCES maevsi.account(id) ON DELETE CASCADE, + category TEXT NOT NULL REFERENCES maevsi.event_category(category) ON DELETE CASCADE, + + PRIMARY KEY (account_id, category) ); +COMMENT ON TABLE maevsi.account_interest IS 'Event categories a user account is interested in (M:N relationship).'; +COMMENT ON COLUMN maevsi.account_interest.account_id IS 'A user account id.'; +COMMENT ON COLUMN maevsi.account_interest.category IS 'An event category.'; COMMIT; diff --git a/src/deploy/table_user_interest_policy.sql b/src/deploy/table_user_interest_policy.sql index c98d8b4d..f7e9f0ad 100644 --- a/src/deploy/table_user_interest_policy.sql +++ b/src/deploy/table_user_interest_policy.sql 
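Review bot: The new `-- requires: table_event` header does not match what the table references: `account_interest` has foreign keys to `maevsi.account(id)` and `maevsi.event_category(category)` and none to `maevsi.event`. The header should name the change that creates `maevsi.account` in place of `table_event` (this commit uses both `table_account` and `table_account_private` for it elsewhere, so the correct name needs confirming). The matching `table_user_interest [schema_public]` entry in the src/sqitch.plan hunk declares neither that change nor `table_event_category`, so the plan presumably would not stop a deploy in which they are missing.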
@@ -1,30 +1,24 @@ --- Deploy maevsi:table_user_interest_policy to pg +-- Deploy maevsi:table_account_interest_policy to pg BEGIN; -GRANT SELECT, INSERT, DELETE ON TABLE maevsi.user_interest TO maevsi_account; +GRANT SELECT, INSERT, DELETE ON TABLE maevsi.account_interest TO maevsi_account; -ALTER TABLE maevsi.user_interest ENABLE ROW LEVEL SECURITY; +ALTER TABLE maevsi.account_interest ENABLE ROW LEVEL SECURITY; --- Only allow selects by the current user. -CREATE POLICY user_interest_select ON maevsi.user_interest FOR SELECT USING ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL - AND - user_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID +-- Only allow selects by the current account. +CREATE POLICY account_interest_select ON maevsi.account_interest FOR SELECT USING ( + account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID ); --- Only allow inserts by the current user. -CREATE POLICY user_interest_insert ON maevsi.user_interest FOR INSERT WITH CHECK ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL - AND - user_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID +-- Only allow inserts by the current account. +CREATE POLICY account_interest_insert ON maevsi.account_interest FOR INSERT WITH CHECK ( + account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID ); --- Only allow deletes by the current user. -CREATE POLICY user_interest_delete ON maevsi.user_interest FOR DELETE USING ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL - AND - user_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID +-- Only allow deletes by the current account. +CREATE POLICY account_interest_delete ON maevsi.account_interest FOR DELETE USING ( + account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID ); COMMIT; 
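Review bot: The three rewritten policies drop the explicit `NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL` guard without a comment saying why that is safe, while `event_recommendation_select`, added in the same commit, keeps it. The shorter form still denies sessions without the claim, because the comparison then evaluates to NULL and PostgreSQL treats a NULL policy result like false for both USING and WITH CHECK, but that reliance is implicit. Add a comment above each policy such as `-- A missing jwt.claims.account_id makes this comparison NULL, which row level security treats as deny.` and use one form across the policy files.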
diff --git a/src/revert/enum_event_category.sql b/src/revert/enum_event_category.sql deleted file mode 100644 index e4ad96ef..00000000 --- a/src/revert/enum_event_category.sql +++ /dev/null @@ -1,7 +0,0 @@ --- Revert maevsi:enum_event_category from pg - -BEGIN; - -DROP TYPE maevsi.event_category; - -COMMIT; diff --git a/src/revert/table_event_category.sql b/src/revert/table_event_category.sql new file mode 100644 index 00000000..cbf7e910 --- /dev/null +++ b/src/revert/table_event_category.sql @@ -0,0 +1,7 @@ +-- Revert maevsi:table_event_category from pg + +BEGIN; + +DROP TABLE maevsi.event_category; + +COMMIT; \ No newline at end of file diff --git a/src/revert/table_user_interest.sql b/src/revert/table_user_interest.sql index 01f172f1..7a4f3177 100644 --- a/src/revert/table_user_interest.sql +++ b/src/revert/table_user_interest.sql @@ -1,7 +1,7 @@ --- Revert maevsi:table_user_interest from pg +-- Revert maevsi:table_account_interest from pg BEGIN; -DROP TABLE maevsi.user_interest; +DROP TABLE maevsi.account_interest; COMMIT; diff --git a/src/revert/table_user_interest_policy.sql b/src/revert/table_user_interest_policy.sql index 5d10c1f4..754eb33f 100644 --- a/src/revert/table_user_interest_policy.sql +++ b/src/revert/table_user_interest_policy.sql @@ -1,9 +1,9 @@ --- Revert maevsi:table_user_interest_policy from pg +-- Revert maevsi:table_account_interest_policy from pg BEGIN; -DROP POLICY user_interest_select ON maevsi.user_interest; -DROP POLICY user_interest_insert ON maevsi.user_interest; -DROP POLICY user_interest_delete ON maevsi.user_interest; +DROP POLICY account_interest_select ON maevsi.account_interest; +DROP POLICY account_interest_insert ON maevsi.account_interest; +DROP POLICY account_interest_delete ON maevsi.account_interest; COMMIT; diff --git a/src/sqitch.plan b/src/sqitch.plan index 1de21c1e..77ff46a9 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan 
@@ -62,10 +62,10 @@ function_notification_acknowledge [privilege_execute_revoke schema_public schema function_account_upload_quota_bytes [privilege_execute_revoke schema_public schema_private table_account_private role_account] 1970-01-01T00:00:00Z Jonas Thelemann # Gets the total upload quota in bytes for the invoking account. database_grafana 1970-01-01T00:00:00Z Jonas Thelemann # Create observation dashboard's database. role_grafana [database_grafana] 1970-01-01T00:00:00Z Jonas Thelemann # Add role grafana. -enum_event_category 2024-01-19T14:03:33Z marlon # enum_event_category\n deploy/enum_event_category.sql\n revert/enum_event_category.sql\n verify/enum_event_category.sql -table_user_interest 2024-01-19T14:06:54Z marlon # table_user_interest\n deploy/table_user_interest.sql\n revert/table_user_interest.sql\n verify/table_user_interest.sql -table_event_category_mapping 2024-01-19T14:10:16Z marlon # table_event_category_mapping\n deploy/table_event_category_mapping.sql\n revert/table_event_category_mapping.sql\n verify/table_event_category_mapping.sql -table_event_recommendation 2024-01-19T14:12:12Z marlon # table_event_recommendation\n deploy/table_event_recommendation.sql\n revert/table_event_recommendation.sql\n verify/table_event_recommendation.sql -table_user_interest_policy 2024-01-25T20:55:28Z marlon # deploy/table_user_interest_policy.sql\n revert/table_user_interest_policy.sql\n verify/table_user_interest_policy.sql -table_event_recommendation_policy 2024-01-25T21:28:46Z marlon # table_event_recommendation_policy\n deploy/table_event_recommendation_policy.sql\n revert/table_event_recommendation_policy.sql\n verify/table_event_recommendation_policy.sql -table_event_category_mapping_policy 2024-01-25T21:40:30Z marlon # table_event_category_mapping_policy\n deploy/table_event_category_mapping_policy.sql\n revert/table_event_category_mapping_policy.sql\n verify/table_event_category_mapping_policy.sql +table_event_category [schema_public] 
2024-01-19T14:03:33Z sven # Event categories. +table_user_interest [schema_public] 2024-01-19T14:06:54Z marlon # Event categories a user account is interested in (M:N relationship). +table_event_category_mapping [schema_public table_event table_event_category] 2024-01-19T14:10:16Z marlon # Mepping events to categories (M:N relationship). +table_event_recommendation [schema_public table_account_private table_event] 2024-01-19T14:12:12Z marlon # Events recommended to a user account (M:N relationship). +table_user_interest_policy [schema_public table_user_interest] 2024-01-25T20:55:28Z marlon # Row level security policies for table account_interest_policy. +table_event_recommendation_policy [schema_public table_event_recommendation] 2024-01-25T21:28:46Z marlon # Row level security policies for table event_recommendation. +table_event_category_mapping_policy [schema_public table_event_category_mapping] 2024-01-25T21:40:30Z marlon # Row level security policies for table event_recommendation_mapping. diff --git a/src/verify/enum_event_category.sql b/src/verify/enum_event_category.sql deleted file mode 100644 index 1fecf8d5..00000000 --- a/src/verify/enum_event_category.sql +++ /dev/null @@ -1,10 +0,0 @@ --- Verify maevsi:enum_event_category on pg - -BEGIN; - -DO $$ -BEGIN - ASSERT (SELECT pg_catalog.has_type_privilege('maevsi.event_category', 'USAGE')); -END $$; - -ROLLBACK; diff --git a/src/verify/table_event_category.sql b/src/verify/table_event_category.sql new file mode 100644 index 00000000..4cfe1bd6 --- /dev/null +++ b/src/verify/table_event_category.sql @@ -0,0 +1,8 @@ +-- Verify maevsi:table_event_category pg + +BEGIN; + +SELECT category +FROM maevsi.event_category WHERE FALSE; + +ROLLBACK; \ No newline at end of file diff --git a/src/verify/table_event_recommendation.sql b/src/verify/table_event_recommendation.sql index a07df469..26a7b5ca 100644 --- a/src/verify/table_event_recommendation.sql +++ b/src/verify/table_event_recommendation.sql 
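Review bot: The seven recommendation entries are rewritten in place (new change name `table_event_category`, a different planner, new requires lists and notes) instead of being appended as new changes. Sqitch derives a change's ID from those fields, so any database that already deployed the original entries would no longer match the plan; if one exists, revert there first or add follow-up changes instead. Three notes also name the wrong thing: 'Mepping' should read 'Mapping', the note for `table_user_interest_policy` says table `account_interest_policy` instead of `account_interest`, and the note for `table_event_category_mapping_policy` says `event_recommendation_mapping` instead of `event_category_mapping`.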
@@ -2,7 +2,7 @@ BEGIN; -SELECT user_id, +SELECT account_id, event_id, score, predicted_score diff --git a/src/verify/table_event_recommendation_policy.sql b/src/verify/table_event_recommendation_policy.sql index daa94bf6..e3c5cadc 100644 --- a/src/verify/table_event_recommendation_policy.sql +++ b/src/verify/table_event_recommendation_policy.sql @@ -4,11 +4,10 @@ BEGIN; DO $$ BEGIN - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_recommendation', 'SELECT')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_recommendation', 'INSERT')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_recommendation', 'DELETE')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_recommendation', 'UPDATE')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_recommendation', 'SELECT')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_recommendation', 'INSERT')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_recommendation', 'DELETE')); + ASSERT NOT(SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_recommendation', 'UPDATE')); END $$; ROLLBACK; - diff --git a/src/verify/table_user_interest.sql b/src/verify/table_user_interest.sql index 7ffefcad..72162850 100644 --- a/src/verify/table_user_interest.sql +++ b/src/verify/table_user_interest.sql @@ -1,9 +1,9 @@ --- Verify maevsi:table_user_interest on pg +-- Verify maevsi:table_account_interest on pg BEGIN; -SELECT user_id, +SELECT account_id, category -FROM maevsi.user_interest WHERE FALSE; +FROM maevsi.account_interest WHERE FALSE; ROLLBACK; diff --git a/src/verify/table_user_interest_policy.sql b/src/verify/table_user_interest_policy.sql index 04062f71..f2544d6a 100644 --- a/src/verify/table_user_interest_policy.sql +++ b/src/verify/table_user_interest_policy.sql 
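Review bot: The asserts in src/verify/table_event_recommendation_policy.sql only check table privileges, so the verify step still passes if row level security is not enabled on the table or the `event_recommendation_select` policy is missing. Add a check inside the DO block such as `ASSERT (SELECT relrowsecurity FROM pg_catalog.pg_class WHERE oid = 'maevsi.event_recommendation'::regclass);` and an `EXISTS` lookup of the policy name in `pg_catalog.pg_policies`. The rewritten `ASSERT NOT(SELECT` line also lost the space after `NOT` that the other verify files keep.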
@@ -1,13 +1,13 @@ --- Verify maevsi:table_user_interest_policy on pg +-- Verify maevsi:table_account_interest_policy on pg BEGIN; DO $$ BEGIN - ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.user_interest', 'SELECT')); - ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.user_interest', 'INSERT')); - ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.user_interest', 'DELETE')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.user_interest', 'UPDATE')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_interest', 'SELECT')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_interest', 'INSERT')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_interest', 'DELETE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_interest', 'UPDATE')); END $$; ROLLBACK; From ef2b14eb3f360580fd1eea77c27e3f5acd0431af Mon Sep 17 00:00:00 2001 
From: Sven Thelemann Date: Wed, 6 Nov 2024 00:31:37 +0100 Subject: [PATCH 019/105] chore(recommendation): file names changed File names changed to be in accordance with table name. --- .../{table_user_interest.sql => table_account_interest.sql} | 0 ..._interest_policy.sql => table_account_interest_policy.sql} | 0 .../{table_user_interest.sql => table_account_interest.sql} | 0 ..._interest_policy.sql => table_account_interest_policy.sql} | 0 src/sqitch.plan | 4 ++-- .../{table_user_interest.sql => table_account_interest.sql} | 0 ..._interest_policy.sql => table_account_interest_policy.sql} | 0 7 files changed, 2 insertions(+), 2 deletions(-) rename src/deploy/{table_user_interest.sql => table_account_interest.sql} (100%) rename src/deploy/{table_user_interest_policy.sql => table_account_interest_policy.sql} (100%) rename src/revert/{table_user_interest.sql => table_account_interest.sql} (100%) rename src/revert/{table_user_interest_policy.sql => table_account_interest_policy.sql} (100%) rename src/verify/{table_user_interest.sql => table_account_interest.sql} (100%) rename src/verify/{table_user_interest_policy.sql => table_account_interest_policy.sql} (100%) diff --git a/src/deploy/table_user_interest.sql b/src/deploy/table_account_interest.sql similarity index 100% rename from src/deploy/table_user_interest.sql rename to src/deploy/table_account_interest.sql diff --git a/src/deploy/table_user_interest_policy.sql b/src/deploy/table_account_interest_policy.sql similarity index 100% rename from src/deploy/table_user_interest_policy.sql rename to src/deploy/table_account_interest_policy.sql diff --git a/src/revert/table_user_interest.sql b/src/revert/table_account_interest.sql similarity index 100% rename from src/revert/table_user_interest.sql rename to src/revert/table_account_interest.sql 
diff --git a/src/revert/table_user_interest_policy.sql b/src/revert/table_account_interest_policy.sql similarity index 100% rename from src/revert/table_user_interest_policy.sql rename to src/revert/table_account_interest_policy.sql diff --git a/src/sqitch.plan b/src/sqitch.plan index 77ff46a9..6588dbb0 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan @@ -63,9 +63,9 @@ function_account_upload_quota_bytes [privilege_execute_revoke schema_public sche database_grafana 1970-01-01T00:00:00Z Jonas Thelemann # Create observation dashboard's database. role_grafana [database_grafana] 1970-01-01T00:00:00Z Jonas Thelemann # Add role grafana. table_event_category [schema_public] 2024-01-19T14:03:33Z sven # Event categories. -table_user_interest [schema_public] 2024-01-19T14:06:54Z marlon # Event categories a user account is interested in (M:N relationship). +table_account_interest [schema_public] 2024-01-19T14:06:54Z marlon # Event categories a user account is interested in (M:N relationship). table_event_category_mapping [schema_public table_event table_event_category] 2024-01-19T14:10:16Z marlon # Mepping events to categories (M:N relationship). table_event_recommendation [schema_public table_account_private table_event] 2024-01-19T14:12:12Z marlon # Events recommended to a user account (M:N relationship). -table_user_interest_policy [schema_public table_user_interest] 2024-01-25T20:55:28Z marlon # Row level security policies for table account_interest_policy. +table_account_interest_policy [schema_public table_account_interest] 2024-01-25T20:55:28Z marlon # Row level security policies for table account_interest_policy. table_event_recommendation_policy [schema_public table_event_recommendation] 2024-01-25T21:28:46Z marlon # Row level security policies for table event_recommendation. table_event_category_mapping_policy [schema_public table_event_category_mapping] 2024-01-25T21:40:30Z marlon # Row level security policies for table event_recommendation_mapping. 
diff --git a/src/verify/table_user_interest.sql b/src/verify/table_account_interest.sql similarity index 100% rename from src/verify/table_user_interest.sql rename to src/verify/table_account_interest.sql diff --git a/src/verify/table_user_interest_policy.sql b/src/verify/table_account_interest_policy.sql similarity index 100% rename from src/verify/table_user_interest_policy.sql rename to src/verify/table_account_interest_policy.sql From 2f3dc5ecd5b11657fb99dc94f364b7d11950904d Mon Sep 17 00:00:00 2001 From: dargmuesli Date: Sat, 9 Nov 2024 00:44:14 +0000 Subject: [PATCH 020/105] fix: schedule release From 26b69a0f75ef10ef64cde3b1da27886b3f43f753 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sat, 9 Nov 2024 00:46:06 +0000 Subject: [PATCH 021/105] chore(release): 4.0.3 [skip ci] ## [4.0.3](https://github.com/maevsi/sqitch/compare/4.0.2...4.0.3) (2024-11-09) ### Bug Fixes * schedule release ([2f3dc5e](https://github.com/maevsi/sqitch/commit/2f3dc5ecd5b11657fb99dc94f364b7d11950904d)) --- CHANGELOG.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a5be2f8..d35d3c4b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## [4.0.3](https://github.com/maevsi/sqitch/compare/4.0.2...4.0.3) (2024-11-09) + +### Bug Fixes + +* schedule release ([2f3dc5e](https://github.com/maevsi/sqitch/commit/2f3dc5ecd5b11657fb99dc94f364b7d11950904d)) + ## [4.0.2](https://github.com/maevsi/sqitch/compare/4.0.1...4.0.2) (2024-10-26) ### Bug Fixes diff --git a/package.json b/package.json index 2e6d2a7f..46e33276 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.0.2", + "version": "4.0.3", "private": true, "engines": { "node": "22" From da1d6ea0c73e950818a0635f3fe00c2deff4d1eb Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 01:45:09 +0000 Subject: [PATCH 022/105] chore(deps): lock file maintenance --- pnpm-lock.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index ef35285c..c84f4bc6 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -10,7 +10,7 @@ importers: devDependencies: '@commitlint/cli': specifier: 19.5.0 - version: 19.5.0(@types/node@22.8.7)(typescript@5.6.3) + version: 19.5.0(@types/node@22.9.0)(typescript@5.6.3) '@commitlint/config-conventional': specifier: 19.5.0 version: 19.5.0 @@ -103,8 +103,8 @@ packages: '@types/conventional-commits-parser@5.0.0': resolution: {integrity: sha512-loB369iXNmAZglwWATL+WRe+CRMmmBPtpolYzIebFaX4YA3x+BEfLqhUAV9WanycKI3TG1IMr5bMJDajDKLlUQ==} - '@types/node@22.8.7': - resolution: {integrity: sha512-LidcG+2UeYIWcMuMUpBKOnryBWG/rnmOHQR5apjn8myTQcx3rinFRn7DcIFhMnS0PPFSC6OafdIKEad0lj6U0Q==} + '@types/node@22.9.0': + resolution: {integrity: sha512-vuyHg81vvWA1Z1ELfvLko2c8f34gyA0zaic0+Rllc5lbCnbSyuvb2Oxpm6TAUAC/2xZN3QGqxBNggD1nNR2AfQ==} JSONStream@1.3.5: resolution: {integrity: sha512-E+iruNOY8VV9s4JEbe1aNEm6MiszPRr/UfcHMz0TQh1BXSxHK+ASV1R6W4HpjBhSeS+54PIsAMCBmwD06LLsqQ==} @@ -429,11 +429,11 @@ snapshots: '@babel/helper-validator-identifier@7.25.9': {} - '@commitlint/cli@19.5.0(@types/node@22.8.7)(typescript@5.6.3)': + '@commitlint/cli@19.5.0(@types/node@22.9.0)(typescript@5.6.3)': dependencies: '@commitlint/format': 19.5.0 '@commitlint/lint': 19.5.0 - '@commitlint/load': 19.5.0(@types/node@22.8.7)(typescript@5.6.3) + '@commitlint/load': 19.5.0(@types/node@22.9.0)(typescript@5.6.3) '@commitlint/read': 19.5.0 '@commitlint/types': 19.5.0 tinyexec: 0.3.1 
@@ -480,7 +480,7 @@ snapshots: '@commitlint/rules': 19.5.0 '@commitlint/types': 19.5.0 - '@commitlint/load@19.5.0(@types/node@22.8.7)(typescript@5.6.3)': + '@commitlint/load@19.5.0(@types/node@22.9.0)(typescript@5.6.3)': dependencies: '@commitlint/config-validator': 19.5.0 '@commitlint/execute-rule': 19.5.0 @@ -488,7 +488,7 @@ snapshots: '@commitlint/types': 19.5.0 chalk: 5.3.0 cosmiconfig: 9.0.0(typescript@5.6.3) - cosmiconfig-typescript-loader: 5.1.0(@types/node@22.8.7)(cosmiconfig@9.0.0(typescript@5.6.3))(typescript@5.6.3) + cosmiconfig-typescript-loader: 5.1.0(@types/node@22.9.0)(cosmiconfig@9.0.0(typescript@5.6.3))(typescript@5.6.3) lodash.isplainobject: 4.0.6 lodash.merge: 4.6.2 lodash.uniq: 4.5.0 @@ -541,9 +541,9 @@ snapshots: '@types/conventional-commits-parser@5.0.0': dependencies: - '@types/node': 22.8.7 + '@types/node': 22.9.0 - '@types/node@22.8.7': + '@types/node@22.9.0': dependencies: undici-types: 6.19.8 @@ -609,9 +609,9 @@ snapshots: meow: 12.1.1 split2: 4.2.0 - cosmiconfig-typescript-loader@5.1.0(@types/node@22.8.7)(cosmiconfig@9.0.0(typescript@5.6.3))(typescript@5.6.3): + cosmiconfig-typescript-loader@5.1.0(@types/node@22.9.0)(cosmiconfig@9.0.0(typescript@5.6.3))(typescript@5.6.3): dependencies: - '@types/node': 22.8.7 + '@types/node': 22.9.0 cosmiconfig: 9.0.0(typescript@5.6.3) jiti: 1.21.6 typescript: 5.6.3 From 221df5638e296b9cdb04e2bef9eca3ddaa940b0c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 02:32:28 +0000 Subject: [PATCH 023/105] chore(deps): update dargmuesli/github-actions action to v2.3.5 --- .github/workflows/ci.yml | 6 +++--- .github/workflows/release-schedule.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1dc88656..1ba3bc8d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -25,7 +25,7 @@ jobs: release_semantic_dry: needs: prepare_jobs name: Release (semantic, dry) - uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.4 + uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.5 if: needs.prepare_jobs.outputs.pr_found == 'false' || github.event_name == 'pull_request' permissions: contents: write @@ -35,7 +35,7 @@ jobs: DRY_RUN: true build: name: Build - uses: dargmuesli/github-actions/.github/workflows/docker.yml@2.3.4 + uses: dargmuesli/github-actions/.github/workflows/docker.yml@2.3.5 needs: release_semantic_dry permissions: packages: write @@ -44,7 +44,7 @@ jobs: release_semantic: needs: build name: Release (semantic) - uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.4 + uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.5 permissions: contents: write secrets: diff --git a/.github/workflows/release-schedule.yml b/.github/workflows/release-schedule.yml index b0111d75..5d80fcaf 100644 --- a/.github/workflows/release-schedule.yml +++ b/.github/workflows/release-schedule.yml @@ -8,7 +8,7 @@ on: jobs: release-schedule: name: "Release: Scheduled" - uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2.3.4 + uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2.3.5 secrets: PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} with: From 9f02bb4df20db4b1e2c6697ca38660846a6b4595 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 14:12:31 +0000 Subject: [PATCH 024/105] chore(deps): update pnpm to v9.13.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 46e33276..55cbde78 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "engines": { "node": "22" }, - "packageManager": "pnpm@9.12.3", + "packageManager": "pnpm@9.13.0", "scripts": { "prepare": "husky" }, 
From 29d7e663612919213c2bcff5f2ed38fe3e3fd5b2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 07:07:43 +0000 Subject: [PATCH 025/105] chore(deps): update all non-major dependencies (#80) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- Dockerfile | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1e482806..6270017f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ CMD ["sqitch", "--chdir", "src", "deploy", "&&", "sleep", "infinity"] ########################### -FROM postgres:17.0 AS build +FROM postgres:17.1 AS build ENV POSTGRES_DB=maevsi ENV POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password diff --git a/package.json b/package.json index 55cbde78..4a248aba 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "engines": { "node": "22" }, - "packageManager": "pnpm@9.13.0", + "packageManager": "pnpm@9.13.2", "scripts": { "prepare": "husky" }, From 1f54ae20aa31fa3f322eca46db74194482582649 Mon Sep 17 00:00:00 2001 From: dargmuesli Date: Sat, 16 Nov 2024 00:48:40 +0000 Subject: [PATCH 026/105] fix: schedule release From e055a791b29bc02b26c6c11ca216ca479cfe14cf Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sat, 16 Nov 2024 00:51:31 +0000 Subject: [PATCH 027/105] chore(release): 4.0.4 [skip ci] ## [4.0.4](https://github.com/maevsi/sqitch/compare/4.0.3...4.0.4) (2024-11-16) ### Bug Fixes * schedule release ([1f54ae2](https://github.com/maevsi/sqitch/commit/1f54ae20aa31fa3f322eca46db74194482582649)) --- CHANGELOG.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d35d3c4b..7c802e8d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,9 @@ +## [4.0.4](https://github.com/maevsi/sqitch/compare/4.0.3...4.0.4) (2024-11-16) + +### Bug Fixes + +* schedule release ([1f54ae2](https://github.com/maevsi/sqitch/commit/1f54ae20aa31fa3f322eca46db74194482582649)) + ## [4.0.3](https://github.com/maevsi/sqitch/compare/4.0.2...4.0.3) (2024-11-09) ### Bug Fixes diff --git a/package.json b/package.json index 4a248aba..60f1048b 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.0.3", + "version": "4.0.4", "private": true, "engines": { "node": "22" From 32f3eaa2b4c9725b223e7f485f17d477246e189f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 17:17:50 +0000 Subject: [PATCH 028/105] chore(deps): update dependency husky to v9.1.7 --- package.json | 2 +- pnpm-lock.yaml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index 60f1048b..9ff5deae 100644 --- a/package.json +++ b/package.json @@ -13,7 +13,7 @@ "@commitlint/cli": "19.5.0", "@commitlint/config-conventional": "19.5.0", "conventional-changelog-conventionalcommits": "8.0.0", - "husky": "9.1.6" + "husky": "9.1.7" }, "type": "module" } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index c84f4bc6..ada2db11 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -18,8 +18,8 @@ importers: specifier: 8.0.0 version: 8.0.0 husky: - specifier: 9.1.6 - version: 9.1.6 + specifier: 9.1.7 + version: 9.1.7 packages: @@ -228,8 +228,8 @@ packages: resolution: {integrity: sha512-wHTUcDUoZ1H5/0iVqEudYW4/kAlN5cZ3j/bXn0Dpbizl9iaUVeWSHqiOjsgk6OW2bkLclbBjzewBz6weQ1zA2Q==} engines: {node: '>=18'} - husky@9.1.6: - resolution: {integrity: sha512-sqbjZKK7kf44hfdE94EoX8MZNk0n7HeW37O4YrVGCF4wzgQjp+akPAkfUK5LZ6KuR/6sqeAVuXHji+RzQgOn5A==} + husky@9.1.7: + resolution: {integrity: sha512-5gs5ytaNjBrh5Ow3zrvdUUY+0VxIuWVL4i9irt6friV+BqdCfmV11CQTWMiBYWHbXhco+J1kHfTOUkePhCDvMA==} engines: {node: '>=18'} hasBin: true 
@@ -663,7 +663,7 @@ snapshots: dependencies: ini: 4.1.1 - husky@9.1.6: {} + husky@9.1.7: {} import-fresh@3.3.0: dependencies: From 3b83b32dc331f3745c2e1a7a418ee4596f388e5b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 12:17:08 +0000 Subject: [PATCH 029/105] chore(deps): update all non-major dependencies to v19.6.0 --- package.json | 4 ++-- pnpm-lock.yaml | 44 ++++++++++++++++++++++---------------------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/package.json b/package.json index 9ff5deae..3e1ada52 100644 --- a/package.json +++ b/package.json @@ -10,8 +10,8 @@ "prepare": "husky" }, "devDependencies": { - "@commitlint/cli": "19.5.0", - "@commitlint/config-conventional": "19.5.0", + "@commitlint/cli": "19.6.0", + "@commitlint/config-conventional": "19.6.0", "conventional-changelog-conventionalcommits": "8.0.0", "husky": "9.1.7" }, diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index ada2db11..2e7e0d7e 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -9,11 +9,11 @@ importers: .: devDependencies: '@commitlint/cli': - specifier: 19.5.0 - version: 19.5.0(@types/node@22.9.0)(typescript@5.6.3) + specifier: 19.6.0 + version: 19.6.0(@types/node@22.9.0)(typescript@5.6.3) '@commitlint/config-conventional': - specifier: 19.5.0 - version: 19.5.0 + specifier: 19.6.0 + version: 19.6.0 conventional-changelog-conventionalcommits: specifier: 8.0.0 version: 8.0.0 
@@ -31,13 +31,13 @@ packages: resolution: {integrity: sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==} engines: {node: '>=6.9.0'} - '@commitlint/cli@19.5.0': - resolution: {integrity: sha512-gaGqSliGwB86MDmAAKAtV9SV1SHdmN8pnGq4EJU4+hLisQ7IFfx4jvU4s+pk6tl0+9bv6yT+CaZkufOinkSJIQ==} + '@commitlint/cli@19.6.0': + resolution: {integrity: sha512-v17BgGD9w5KnthaKxXnEg6KLq6DYiAxyiN44TpiRtqyW8NSq+Kx99mkEG8Qo6uu6cI5eMzMojW2muJxjmPnF8w==} engines: {node: '>=v18'} hasBin: true - '@commitlint/config-conventional@19.5.0': - resolution: {integrity: sha512-OBhdtJyHNPryZKg0fFpZNOBM1ZDbntMvqMuSmpfyP86XSfwzGw4CaoYRG4RutUPg0BTK07VMRIkNJT6wi2zthg==} + '@commitlint/config-conventional@19.6.0': + resolution: {integrity: sha512-DJT40iMnTYtBtUfw9ApbsLZFke1zKh6llITVJ+x9mtpHD08gsNXaIRqHTmwTZL3dNX5+WoyK7pCN/5zswvkBCQ==} engines: {node: '>=v18'} '@commitlint/config-validator@19.5.0': @@ -56,12 +56,12 @@ packages: resolution: {integrity: sha512-yNy088miE52stCI3dhG/vvxFo9e4jFkU1Mj3xECfzp/bIS/JUay4491huAlVcffOoMK1cd296q0W92NlER6r3A==} engines: {node: '>=v18'} - '@commitlint/is-ignored@19.5.0': - resolution: {integrity: sha512-0XQ7Llsf9iL/ANtwyZ6G0NGp5Y3EQ8eDQSxv/SRcfJ0awlBY4tHFAvwWbw66FVUaWICH7iE5en+FD9TQsokZ5w==} + '@commitlint/is-ignored@19.6.0': + resolution: {integrity: sha512-Ov6iBgxJQFR9koOupDPHvcHU9keFupDgtB3lObdEZDroiG4jj1rzky60fbQozFKVYRTUdrBGICHG0YVmRuAJmw==} engines: {node: '>=v18'} - '@commitlint/lint@19.5.0': - resolution: {integrity: sha512-cAAQwJcRtiBxQWO0eprrAbOurtJz8U6MgYqLz+p9kLElirzSCc0vGMcyCaA1O7AqBuxo11l1XsY3FhOFowLAAg==} + '@commitlint/lint@19.6.0': + resolution: {integrity: sha512-LRo7zDkXtcIrpco9RnfhOKeg8PAnE3oDDoalnrVU/EVaKHYBWYL1DlRR7+3AWn0JiBqD8yKOfetVxJGdEtZ0tg==} engines: {node: '>=v18'} '@commitlint/load@19.5.0': 
@@ -84,8 +84,8 @@ packages: resolution: {integrity: sha512-CU/GscZhCUsJwcKTJS9Ndh3AKGZTNFIOoQB2n8CmFnizE0VnEuJoum+COW+C1lNABEeqk6ssfc1Kkalm4bDklA==} engines: {node: '>=v18'} - '@commitlint/rules@19.5.0': - resolution: {integrity: sha512-hDW5TPyf/h1/EufSHEKSp6Hs+YVsDMHazfJ2azIk9tHPXS6UqSz1dIRs1gpqS3eMXgtkT7JH6TW4IShdqOwhAw==} + '@commitlint/rules@19.6.0': + resolution: {integrity: sha512-1f2reW7lbrI0X0ozZMesS/WZxgPa4/wi56vFuJENBmed6mWq5KsheN/nxqnl/C23ioxpPO/PL6tXpiiFy5Bhjw==} engines: {node: '>=v18'} '@commitlint/to-lines@19.5.0': @@ -429,10 +429,10 @@ snapshots: '@babel/helper-validator-identifier@7.25.9': {} - '@commitlint/cli@19.5.0(@types/node@22.9.0)(typescript@5.6.3)': + '@commitlint/cli@19.6.0(@types/node@22.9.0)(typescript@5.6.3)': dependencies: '@commitlint/format': 19.5.0 - '@commitlint/lint': 19.5.0 + '@commitlint/lint': 19.6.0 '@commitlint/load': 19.5.0(@types/node@22.9.0)(typescript@5.6.3) '@commitlint/read': 19.5.0 '@commitlint/types': 19.5.0 @@ -442,7 +442,7 @@ snapshots: - '@types/node' - typescript - '@commitlint/config-conventional@19.5.0': + '@commitlint/config-conventional@19.6.0': dependencies: '@commitlint/types': 19.5.0 conventional-changelog-conventionalcommits: 7.0.2 @@ -468,16 +468,16 @@ snapshots: '@commitlint/types': 19.5.0 chalk: 5.3.0 - '@commitlint/is-ignored@19.5.0': + '@commitlint/is-ignored@19.6.0': dependencies: '@commitlint/types': 19.5.0 semver: 7.6.3 - '@commitlint/lint@19.5.0': + '@commitlint/lint@19.6.0': dependencies: - '@commitlint/is-ignored': 19.5.0 + '@commitlint/is-ignored': 19.6.0 '@commitlint/parse': 19.5.0 - '@commitlint/rules': 19.5.0 + '@commitlint/rules': 19.6.0 '@commitlint/types': 19.5.0 '@commitlint/load@19.5.0(@types/node@22.9.0)(typescript@5.6.3)': @@ -521,7 +521,7 @@ snapshots: lodash.mergewith: 4.6.2 resolve-from: 5.0.0 - '@commitlint/rules@19.5.0': + '@commitlint/rules@19.6.0': dependencies: '@commitlint/ensure': 19.5.0 '@commitlint/message': 19.5.0 
From b489e2bd94845536e8d23b75169e8e5ba41ab395 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 03:57:52 +0000 Subject: [PATCH 030/105] chore(deps): update all non-major dependencies --- .github/workflows/ci.yml | 6 +++--- .github/workflows/release-schedule.yml | 2 +- package.json | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1ba3bc8d..8ff900b7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,7 +25,7 @@ jobs: release_semantic_dry: needs: prepare_jobs name: Release (semantic, dry) - uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.5 + uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.6 if: needs.prepare_jobs.outputs.pr_found == 'false' || github.event_name == 'pull_request' permissions: contents: write @@ -35,7 +35,7 @@ jobs: DRY_RUN: true build: name: Build - uses: dargmuesli/github-actions/.github/workflows/docker.yml@2.3.5 + uses: dargmuesli/github-actions/.github/workflows/docker.yml@2.3.6 needs: release_semantic_dry permissions: packages: write @@ -44,7 +44,7 @@ jobs: release_semantic: needs: build name: Release (semantic) - uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.5 + uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.6 permissions: contents: write secrets: diff --git a/.github/workflows/release-schedule.yml b/.github/workflows/release-schedule.yml index 5d80fcaf..fd3dcee5 100644 --- a/.github/workflows/release-schedule.yml +++ b/.github/workflows/release-schedule.yml @@ -8,7 +8,7 @@ on: jobs: release-schedule: name: "Release: Scheduled" - uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2.3.5 + uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2.3.6 secrets: PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} with: 
diff --git a/package.json b/package.json index 3e1ada52..fbfd19b4 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "engines": { "node": "22" }, - "packageManager": "pnpm@9.13.2", + "packageManager": "pnpm@9.14.1", "scripts": { "prepare": "husky" }, From 636ded1e140a3203c3afc33def760652d093437b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 12:09:52 +0000 Subject: [PATCH 031/105] chore(deps): update pnpm to v9.14.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index fbfd19b4..e97b906f 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "engines": { "node": "22" }, - "packageManager": "pnpm@9.14.1", + "packageManager": "pnpm@9.14.2", "scripts": { "prepare": "husky" }, From 71cc5e46105e70205492d782207750805f1bc184 Mon Sep 17 00:00:00 2001 From: Sven Thelemann Date: Thu, 21 Nov 2024 11:11:54 +0100 Subject: [PATCH 032/105] feat(account): column day_of_birth added In table maevsi_private.account a new column was added to store the account owner's day of birth. --- schema/schema.definition.sql | 8 ++++++++ src/deploy/table_account_private.sql | 4 +++- src/verify/table_account_private.sql | 3 ++- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index d35a250c..069b0949 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -2165,6 +2165,7 @@ CREATE TABLE maevsi_private.account ( password_reset_verification uuid, password_reset_verification_valid_until timestamp without time zone, upload_quota_bytes bigint DEFAULT 10485760 NOT NULL, + day_of_birth date NOT NULL, CONSTRAINT account_email_address_check CHECK ((char_length(email_address) < 255)) ); 
@@ -2248,6 +2249,13 @@ COMMENT ON COLUMN maevsi_private.account.password_reset_verification_valid_until COMMENT ON COLUMN maevsi_private.account.upload_quota_bytes IS 'The account''s upload quota in bytes.'; +-- +-- Name: COLUMN account.day_of_birth; Type: COMMENT; Schema: maevsi_private; Owner: postgres +-- + +COMMENT ON COLUMN maevsi_private.account.day_of_birth IS 'The account owner''s day of birth.'; + + -- -- Name: achievement_code; Type: TABLE; Schema: maevsi_private; Owner: postgres -- diff --git a/src/deploy/table_account_private.sql b/src/deploy/table_account_private.sql index 78c53872..9a7ad3e3 100644 --- a/src/deploy/table_account_private.sql +++ b/src/deploy/table_account_private.sql @@ -14,7 +14,8 @@ CREATE TABLE maevsi_private.account ( password_hash TEXT NOT NULL, password_reset_verification UUID, password_reset_verification_valid_until TIMESTAMP, - upload_quota_bytes BIGINT NOT NULL DEFAULT 10485760 -- 10 mebibyte + upload_quota_bytes BIGINT NOT NULL DEFAULT 10485760, -- 10 mebibyte + day_of_birth DATE NOT NULL ); COMMENT ON TABLE maevsi_private.account IS 'Private account data.'; @@ -28,6 +29,7 @@ COMMENT ON COLUMN maevsi_private.account.password_hash IS 'The account''s passwo COMMENT ON COLUMN maevsi_private.account.password_reset_verification IS 'The UUID used to reset a password, or null if there is no pending reset request.'; COMMENT ON COLUMN maevsi_private.account.password_reset_verification_valid_until IS 'The timestamp until which a password reset is valid.'; COMMENT ON COLUMN maevsi_private.account.upload_quota_bytes IS 'The account''s upload quota in bytes.'; +COMMENT ON COLUMN maevsi_private.account.day_of_birth IS 'The account owner''s day of birth.'; CREATE FUNCTION maevsi_private.account_email_address_verification_valid_until() RETURNS TRIGGER AS $$ BEGIN diff --git a/src/verify/table_account_private.sql b/src/verify/table_account_private.sql index cc9a0c1a..48683877 100644 --- a/src/verify/table_account_private.sql 
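Review bot: `day_of_birth DATE NOT NULL` in the `@@ -14,7 +14,8 @@` hunk of src/deploy/table_account_private.sql has no default, so every INSERT that omits the column is rejected. The registration function shown elsewhere on this page inserts only `email_address`, `password_hash` and `last_activity`, so account creation would fail once this is deployed. Either declare the column nullable for now (`day_of_birth DATE`) or extend the registration path in the same change. The column is also added by editing the existing CREATE TABLE, so a database that already ran this deploy script would presumably never receive it while the updated verify script selects it; a separate change using `ALTER TABLE maevsi_private.account ADD COLUMN ...` would cover that case. The CREATE TABLE statement begins outside the hunk.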
+++ b/src/verify/table_account_private.sql @@ -11,7 +11,8 @@ SELECT id, password_hash, password_reset_verification, password_reset_verification_valid_until, - upload_quota_bytes + upload_quota_bytes, + day_of_birth FROM maevsi_private.account WHERE FALSE; DO $$ From 4134f95bf88ab93b0d6d5f324e2fb033b9ff9949 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 23 Nov 2024 01:36:30 +0000 Subject: [PATCH 033/105] chore(deps): update postgres docker tag to v17.2 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 6270017f..10e61161 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ CMD ["sqitch", "--chdir", "src", "deploy", "&&", "sleep", "infinity"] ########################### -FROM postgres:17.1 AS build +FROM postgres:17.2 AS build ENV POSTGRES_DB=maevsi ENV POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password From 3aea54421c8b5fc2d9f50bcea4c8c501a6734dca Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 00:29:18 +0000 Subject: [PATCH 034/105] chore(deps): lock file maintenance --- pnpm-lock.yaml | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 2e7e0d7e..5c48335c 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -10,7 +10,7 @@ importers: devDependencies: '@commitlint/cli': specifier: 19.6.0 - version: 19.6.0(@types/node@22.9.0)(typescript@5.6.3) + version: 19.6.0(@types/node@22.9.3)(typescript@5.7.2) '@commitlint/config-conventional': specifier: 19.6.0 version: 19.6.0 
@@ -103,8 +103,8 @@ packages: '@types/conventional-commits-parser@5.0.0': resolution: {integrity: sha512-loB369iXNmAZglwWATL+WRe+CRMmmBPtpolYzIebFaX4YA3x+BEfLqhUAV9WanycKI3TG1IMr5bMJDajDKLlUQ==} - '@types/node@22.9.0': - resolution: {integrity: sha512-vuyHg81vvWA1Z1ELfvLko2c8f34gyA0zaic0+Rllc5lbCnbSyuvb2Oxpm6TAUAC/2xZN3QGqxBNggD1nNR2AfQ==} + '@types/node@22.9.3': + resolution: {integrity: sha512-F3u1fs/fce3FFk+DAxbxc78DF8x0cY09RRL8GnXLmkJ1jvx3TtPdWoTT5/NiYfI5ASqXBmfqJi9dZ3gxMx4lzw==} JSONStream@1.3.5: resolution: {integrity: sha512-E+iruNOY8VV9s4JEbe1aNEm6MiszPRr/UfcHMz0TQh1BXSxHK+ASV1R6W4HpjBhSeS+54PIsAMCBmwD06LLsqQ==} @@ -387,8 +387,8 @@ packages: tinyexec@0.3.1: resolution: {integrity: sha512-WiCJLEECkO18gwqIp6+hJg0//p23HXp4S+gGtAKu3mI2F2/sXC4FvHvXvB0zJVVaTPhx1/tOwdbRsa1sOBIKqQ==} - typescript@5.6.3: - resolution: {integrity: sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==} + typescript@5.7.2: + resolution: {integrity: sha512-i5t66RHxDvVN40HfDd1PsEThGNnlMCMT3jMUuoh9/0TaqWevNontacunWyN02LA9/fIbEWlcHZcgTKb9QoaLfg==} engines: {node: '>=14.17'} hasBin: true @@ -429,11 +429,11 @@ snapshots: '@babel/helper-validator-identifier@7.25.9': {} - '@commitlint/cli@19.6.0(@types/node@22.9.0)(typescript@5.6.3)': + '@commitlint/cli@19.6.0(@types/node@22.9.3)(typescript@5.7.2)': dependencies: '@commitlint/format': 19.5.0 '@commitlint/lint': 19.6.0 - '@commitlint/load': 19.5.0(@types/node@22.9.0)(typescript@5.6.3) + '@commitlint/load': 19.5.0(@types/node@22.9.3)(typescript@5.7.2) '@commitlint/read': 19.5.0 '@commitlint/types': 19.5.0 tinyexec: 0.3.1 
@@ -480,15 +480,15 @@ snapshots: '@commitlint/rules': 19.6.0 '@commitlint/types': 19.5.0 - '@commitlint/load@19.5.0(@types/node@22.9.0)(typescript@5.6.3)': + '@commitlint/load@19.5.0(@types/node@22.9.3)(typescript@5.7.2)': dependencies: '@commitlint/config-validator': 19.5.0 '@commitlint/execute-rule': 19.5.0 '@commitlint/resolve-extends': 19.5.0 '@commitlint/types': 19.5.0 chalk: 5.3.0 - cosmiconfig: 9.0.0(typescript@5.6.3) - cosmiconfig-typescript-loader: 5.1.0(@types/node@22.9.0)(cosmiconfig@9.0.0(typescript@5.6.3))(typescript@5.6.3) + cosmiconfig: 9.0.0(typescript@5.7.2) + cosmiconfig-typescript-loader: 5.1.0(@types/node@22.9.3)(cosmiconfig@9.0.0(typescript@5.7.2))(typescript@5.7.2) lodash.isplainobject: 4.0.6 lodash.merge: 4.6.2 lodash.uniq: 4.5.0 @@ -541,9 +541,9 @@ snapshots: '@types/conventional-commits-parser@5.0.0': dependencies: - '@types/node': 22.9.0 + '@types/node': 22.9.3 - '@types/node@22.9.0': + '@types/node@22.9.3': dependencies: undici-types: 6.19.8 @@ -609,21 +609,21 @@ snapshots: meow: 12.1.1 split2: 4.2.0 - cosmiconfig-typescript-loader@5.1.0(@types/node@22.9.0)(cosmiconfig@9.0.0(typescript@5.6.3))(typescript@5.6.3): + cosmiconfig-typescript-loader@5.1.0(@types/node@22.9.3)(cosmiconfig@9.0.0(typescript@5.7.2))(typescript@5.7.2): dependencies: - '@types/node': 22.9.0 - cosmiconfig: 9.0.0(typescript@5.6.3) + '@types/node': 22.9.3 + cosmiconfig: 9.0.0(typescript@5.7.2) jiti: 1.21.6 - typescript: 5.6.3 + typescript: 5.7.2 - cosmiconfig@9.0.0(typescript@5.6.3): + cosmiconfig@9.0.0(typescript@5.7.2): dependencies: env-paths: 2.2.1 import-fresh: 3.3.0 js-yaml: 4.1.0 parse-json: 5.2.0 optionalDependencies: - typescript: 5.6.3 + typescript: 5.7.2 dargs@8.1.0: {} @@ -777,7 +777,7 @@ snapshots: tinyexec@0.3.1: {} - typescript@5.6.3: {} + typescript@5.7.2: {} undici-types@6.19.8: {} From f116bef34faae2fc1b59b72840be91321d8067b3 Mon Sep 17 00:00:00 2001 
From: Jonas Thelemann Date: Fri, 22 Nov 2024 04:30:49 +0100 Subject: [PATCH 035/105] refactor(account): rename birth date column --- schema/schema.definition.sql | 16 ++++++++-------- src/deploy/table_account_private.sql | 7 ++++--- src/verify/table_account_private.sql | 4 ++-- 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 069b0949..b5240e0c 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -2156,6 +2156,7 @@ COMMENT ON CONSTRAINT report_reason_check ON maevsi.report IS 'Ensures the reaso CREATE TABLE maevsi_private.account ( id uuid DEFAULT gen_random_uuid() NOT NULL, + birth_date date NOT NULL, created timestamp without time zone DEFAULT now() NOT NULL, email_address text NOT NULL, email_address_verification uuid DEFAULT gen_random_uuid(), @@ -2165,7 +2166,6 @@ CREATE TABLE maevsi_private.account ( password_reset_verification uuid, password_reset_verification_valid_until timestamp without time zone, upload_quota_bytes bigint DEFAULT 10485760 NOT NULL, - day_of_birth date NOT NULL, CONSTRAINT account_email_address_check CHECK ((char_length(email_address) < 255)) ); @@ -2186,6 +2186,13 @@ COMMENT ON TABLE maevsi_private.account IS 'Private account data.'; COMMENT ON COLUMN maevsi_private.account.id IS 'The account''s internal id.'; +-- +-- Name: COLUMN account.birth_date; Type: COMMENT; Schema: maevsi_private; Owner: postgres +-- + +COMMENT ON COLUMN maevsi_private.account.birth_date IS 'The account owner''s date of birth.'; + + -- -- Name: COLUMN account.created; Type: COMMENT; Schema: maevsi_private; Owner: postgres -- 
@@ -2249,13 +2256,6 @@ COMMENT ON COLUMN maevsi_private.account.password_reset_verification_valid_until COMMENT ON COLUMN maevsi_private.account.upload_quota_bytes IS 'The account''s upload quota in bytes.'; --- --- Name: COLUMN account.day_of_birth; Type: COMMENT; Schema: maevsi_private; Owner: postgres --- - -COMMENT ON COLUMN maevsi_private.account.day_of_birth IS 'The account owner''s day of birth.'; - - -- -- Name: achievement_code; Type: TABLE; Schema: maevsi_private; Owner: postgres -- diff --git a/src/deploy/table_account_private.sql b/src/deploy/table_account_private.sql index 9a7ad3e3..f6d9c301 100644 --- a/src/deploy/table_account_private.sql +++ b/src/deploy/table_account_private.sql @@ -6,6 +6,8 @@ BEGIN; CREATE TABLE maevsi_private.account ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + + birth_date DATE NOT NULL, created TIMESTAMP NOT NULL DEFAULT NOW(), email_address TEXT NOT NULL CHECK (char_length(email_address) < 255) UNIQUE, -- no regex check as "a valid email address is one that you can send emails to" (http://www.dominicsayers.com/isemail/) email_address_verification UUID DEFAULT gen_random_uuid(), 
@@ -14,12 +16,12 @@ CREATE TABLE maevsi_private.account ( password_hash TEXT NOT NULL, password_reset_verification UUID, password_reset_verification_valid_until TIMESTAMP, - upload_quota_bytes BIGINT NOT NULL DEFAULT 10485760, -- 10 mebibyte - day_of_birth DATE NOT NULL + upload_quota_bytes BIGINT NOT NULL DEFAULT 10485760 -- 10 mebibyte ); COMMENT ON TABLE maevsi_private.account IS 'Private account data.'; COMMENT ON COLUMN maevsi_private.account.id IS 'The account''s internal id.'; +COMMENT ON COLUMN maevsi_private.account.birth_date IS 'The account owner''s date of birth.'; COMMENT ON COLUMN maevsi_private.account.created IS 'Timestamp at which the account was last active.'; COMMENT ON COLUMN maevsi_private.account.email_address IS 'The account''s email address for account related information.'; COMMENT ON COLUMN maevsi_private.account.email_address_verification IS 'The UUID used to verify an email address, or null if already verified.'; @@ -29,7 +31,6 @@ COMMENT ON COLUMN maevsi_private.account.password_hash IS 'The account''s passwo COMMENT ON COLUMN maevsi_private.account.password_reset_verification IS 'The UUID used to reset a password, or null if there is no pending reset request.'; COMMENT ON COLUMN maevsi_private.account.password_reset_verification_valid_until IS 'The timestamp until which a password reset is valid.'; COMMENT ON COLUMN maevsi_private.account.upload_quota_bytes IS 'The account''s upload quota in bytes.'; -COMMENT ON COLUMN maevsi_private.account.day_of_birth IS 'The account owner''s day of birth.'; CREATE FUNCTION maevsi_private.account_email_address_verification_valid_until() RETURNS TRIGGER AS $$ BEGIN diff --git a/src/verify/table_account_private.sql b/src/verify/table_account_private.sql index 48683877..163c27c6 100644 --- a/src/verify/table_account_private.sql +++ b/src/verify/table_account_private.sql @@ -3,6 +3,7 @@ BEGIN; SELECT id, + birth_date, created, email_address, email_address_verification, 
@@ -11,8 +12,7 @@ SELECT id, password_hash, password_reset_verification, password_reset_verification_valid_until, - upload_quota_bytes, - day_of_birth + upload_quota_bytes FROM maevsi_private.account WHERE FALSE; DO $$ From 68ea970791c9da84c7a6d1fe42c978bc23ef0559 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 03:13:23 +0000 Subject: [PATCH 036/105] chore(deps): update dargmuesli/github-actions action to v2.3.7 --- .github/workflows/ci.yml | 6 +++--- .github/workflows/release-schedule.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8ff900b7..3aa7d371 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,7 +25,7 @@ jobs: release_semantic_dry: needs: prepare_jobs name: Release (semantic, dry) - uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.6 + uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.7 if: needs.prepare_jobs.outputs.pr_found == 'false' || github.event_name == 'pull_request' permissions: contents: write @@ -35,7 +35,7 @@ jobs: DRY_RUN: true build: name: Build - uses: dargmuesli/github-actions/.github/workflows/docker.yml@2.3.6 + uses: dargmuesli/github-actions/.github/workflows/docker.yml@2.3.7 needs: release_semantic_dry permissions: packages: write @@ -44,7 +44,7 @@ jobs: release_semantic: needs: build name: Release (semantic) - uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.6 + uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.7 permissions: contents: write secrets: diff --git a/.github/workflows/release-schedule.yml b/.github/workflows/release-schedule.yml index fd3dcee5..8464c7d2 100644 --- a/.github/workflows/release-schedule.yml +++ b/.github/workflows/release-schedule.yml 
@@ -8,7 +8,7 @@ on: jobs: release-schedule: name: "Release: Scheduled" - uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2.3.6 + uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2.3.7 secrets: PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} with: From 1993b9759a0168f45a24e5dc58a8d5d6dfefb0ea Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 28 Nov 2024 19:22:37 +0000 Subject: [PATCH 037/105] chore(deps): update pnpm to v9.14.3 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e97b906f..56aec51c 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "engines": { "node": "22" }, - "packageManager": "pnpm@9.14.2", + "packageManager": "pnpm@9.14.3", "scripts": { "prepare": "husky" }, From 7d6dbc73e999acdaf4dc869923c578d587c9f64e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 29 Nov 2024 13:01:14 +0000 Subject: [PATCH 038/105] chore(deps): update pnpm to v9.14.4 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 56aec51c..0b58bf1d 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "engines": { "node": "22" }, - "packageManager": "pnpm@9.14.3", + "packageManager": "pnpm@9.14.4", "scripts": { "prepare": "husky" }, From 432f826cced7129907548418635f207ff1d06b24 Mon Sep 17 00:00:00 2001 From: dargmuesli Date: Sat, 30 Nov 2024 00:49:37 +0000 Subject: [PATCH 039/105] fix: schedule release From df883bff3e57bf4c560d63fa5e67eb10c2d649b1 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Sat, 30 Nov 2024 00:51:38 +0000 Subject: [PATCH 040/105] chore(release): 4.0.5 [skip ci] ## [4.0.5](https://github.com/maevsi/sqitch/compare/4.0.4...4.0.5) (2024-11-30) ### Bug Fixes * schedule release ([432f826](https://github.com/maevsi/sqitch/commit/432f826cced7129907548418635f207ff1d06b24)) --- CHANGELOG.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7c802e8d..9f4cc7a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## [4.0.5](https://github.com/maevsi/sqitch/compare/4.0.4...4.0.5) (2024-11-30) + +### Bug Fixes + +* schedule release ([432f826](https://github.com/maevsi/sqitch/commit/432f826cced7129907548418635f207ff1d06b24)) + ## [4.0.4](https://github.com/maevsi/sqitch/compare/4.0.3...4.0.4) (2024-11-16) ### Bug Fixes diff --git a/package.json b/package.json index 0b58bf1d..916992db 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.0.4", + "version": "4.0.5", "private": true, "engines": { "node": "22" From 091f270d55395014535ecd26ec698a2b9db2816a Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 2 Dec 2024 03:45:34 +0000 Subject: [PATCH 041/105] chore(release): 4.1.0 [skip ci] ## [4.1.0](https://github.com/maevsi/sqitch/compare/4.0.5...4.1.0) (2024-12-02) ### Features * **account:** column day_of_birth added ([71cc5e4](https://github.com/maevsi/sqitch/commit/71cc5e46105e70205492d782207750805f1bc184)) --- CHANGELOG.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9f4cc7a5..9b05d6b4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,9 @@ +## [4.1.0](https://github.com/maevsi/sqitch/compare/4.0.5...4.1.0) (2024-12-02) + +### Features + +* **account:** column day_of_birth added ([71cc5e4](https://github.com/maevsi/sqitch/commit/71cc5e46105e70205492d782207750805f1bc184)) + ## [4.0.5](https://github.com/maevsi/sqitch/compare/4.0.4...4.0.5) (2024-11-30) ### Bug Fixes diff --git a/package.json b/package.json index 916992db..d9615a6d 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.0.5", + "version": "4.1.0", "private": true, "engines": { "node": "22" From 9956321854aecfddd71e609dffa6b0d6147ef1a0 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 03:46:51 +0000 Subject: [PATCH 042/105] chore(deps): lock file maintenance --- pnpm-lock.yaml | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 5c48335c..c1a31961 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -10,7 +10,7 @@ importers: devDependencies: '@commitlint/cli': specifier: 19.6.0 - version: 19.6.0(@types/node@22.9.3)(typescript@5.7.2) + version: 19.6.0(@types/node@22.10.1)(typescript@5.7.2) '@commitlint/config-conventional': specifier: 19.6.0 version: 19.6.0 
@@ -100,11 +100,11 @@ packages: resolution: {integrity: sha512-DSHae2obMSMkAtTBSOulg5X7/z+rGLxcXQIkg3OmWvY6wifojge5uVMydfhUvs7yQj+V7jNmRZ2Xzl8GJyqRgg==} engines: {node: '>=v18'} - '@types/conventional-commits-parser@5.0.0': - resolution: {integrity: sha512-loB369iXNmAZglwWATL+WRe+CRMmmBPtpolYzIebFaX4YA3x+BEfLqhUAV9WanycKI3TG1IMr5bMJDajDKLlUQ==} + '@types/conventional-commits-parser@5.0.1': + resolution: {integrity: sha512-7uz5EHdzz2TqoMfV7ee61Egf5y6NkcO4FB/1iCCQnbeiI1F3xzv3vK5dBCXUCLQgGYS+mUeigK1iKQzvED+QnQ==} - '@types/node@22.9.3': - resolution: {integrity: sha512-F3u1fs/fce3FFk+DAxbxc78DF8x0cY09RRL8GnXLmkJ1jvx3TtPdWoTT5/NiYfI5ASqXBmfqJi9dZ3gxMx4lzw==} + '@types/node@22.10.1': + resolution: {integrity: sha512-qKgsUwfHZV2WCWLAnVP1JqnpE6Im6h3Y0+fYgMTasNQ7V++CBX5OT1as0g0f+OyubbFqhf6XVNIsmN4IIhEgGQ==} JSONStream@1.3.5: resolution: {integrity: sha512-E+iruNOY8VV9s4JEbe1aNEm6MiszPRr/UfcHMz0TQh1BXSxHK+ASV1R6W4HpjBhSeS+54PIsAMCBmwD06LLsqQ==} @@ -392,8 +392,8 @@ packages: engines: {node: '>=14.17'} hasBin: true - undici-types@6.19.8: - resolution: {integrity: sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw==} + undici-types@6.20.0: + resolution: {integrity: sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg==} unicorn-magic@0.1.0: resolution: {integrity: sha512-lRfVq8fE8gz6QMBuDM6a+LO3IAzTi05H6gCVaUpir2E1Rwpo4ZUog45KpNXKC/Mn3Yb9UDuHumeFTo9iV/D9FQ==} @@ -429,11 +429,11 @@ snapshots: '@babel/helper-validator-identifier@7.25.9': {} - '@commitlint/cli@19.6.0(@types/node@22.9.3)(typescript@5.7.2)': + '@commitlint/cli@19.6.0(@types/node@22.10.1)(typescript@5.7.2)': dependencies: '@commitlint/format': 19.5.0 '@commitlint/lint': 19.6.0 - '@commitlint/load': 19.5.0(@types/node@22.9.3)(typescript@5.7.2) + '@commitlint/load': 19.5.0(@types/node@22.10.1)(typescript@5.7.2) '@commitlint/read': 19.5.0 '@commitlint/types': 19.5.0 tinyexec: 0.3.1 
@@ -480,7 +480,7 @@ snapshots: '@commitlint/rules': 19.6.0 '@commitlint/types': 19.5.0 - '@commitlint/load@19.5.0(@types/node@22.9.3)(typescript@5.7.2)': + '@commitlint/load@19.5.0(@types/node@22.10.1)(typescript@5.7.2)': dependencies: '@commitlint/config-validator': 19.5.0 '@commitlint/execute-rule': 19.5.0 @@ -488,7 +488,7 @@ snapshots: '@commitlint/types': 19.5.0 chalk: 5.3.0 cosmiconfig: 9.0.0(typescript@5.7.2) - cosmiconfig-typescript-loader: 5.1.0(@types/node@22.9.3)(cosmiconfig@9.0.0(typescript@5.7.2))(typescript@5.7.2) + cosmiconfig-typescript-loader: 5.1.0(@types/node@22.10.1)(cosmiconfig@9.0.0(typescript@5.7.2))(typescript@5.7.2) lodash.isplainobject: 4.0.6 lodash.merge: 4.6.2 lodash.uniq: 4.5.0 @@ -536,16 +536,16 @@ snapshots: '@commitlint/types@19.5.0': dependencies: - '@types/conventional-commits-parser': 5.0.0 + '@types/conventional-commits-parser': 5.0.1 chalk: 5.3.0 - '@types/conventional-commits-parser@5.0.0': + '@types/conventional-commits-parser@5.0.1': dependencies: - '@types/node': 22.9.3 + '@types/node': 22.10.1 - '@types/node@22.9.3': + '@types/node@22.10.1': dependencies: - undici-types: 6.19.8 + undici-types: 6.20.0 JSONStream@1.3.5: dependencies: @@ -609,9 +609,9 @@ snapshots: meow: 12.1.1 split2: 4.2.0 - cosmiconfig-typescript-loader@5.1.0(@types/node@22.9.3)(cosmiconfig@9.0.0(typescript@5.7.2))(typescript@5.7.2): + cosmiconfig-typescript-loader@5.1.0(@types/node@22.10.1)(cosmiconfig@9.0.0(typescript@5.7.2))(typescript@5.7.2): dependencies: - '@types/node': 22.9.3 + '@types/node': 22.10.1 cosmiconfig: 9.0.0(typescript@5.7.2) jiti: 1.21.6 typescript: 5.7.2 @@ -779,7 +779,7 @@ snapshots: typescript@5.7.2: {} - undici-types@6.19.8: {} + undici-types@6.20.0: {} unicorn-magic@0.1.0: {} From 715e69c45c479d3e3d9a3be8c42d8db9bc6dd29d Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 4 Dec 2024 01:51:37 +0000 Subject: [PATCH 043/105] chore(deps): update dargmuesli/github-actions action to v2.3.8 --- .github/workflows/ci.yml | 6 +++--- .github/workflows/release-schedule.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3aa7d371..3e82c671 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,7 +25,7 @@ jobs: release_semantic_dry: needs: prepare_jobs name: Release (semantic, dry) - uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.7 + uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.8 if: needs.prepare_jobs.outputs.pr_found == 'false' || github.event_name == 'pull_request' permissions: contents: write @@ -35,7 +35,7 @@ jobs: DRY_RUN: true build: name: Build - uses: dargmuesli/github-actions/.github/workflows/docker.yml@2.3.7 + uses: dargmuesli/github-actions/.github/workflows/docker.yml@2.3.8 needs: release_semantic_dry permissions: packages: write @@ -44,7 +44,7 @@ jobs: release_semantic: needs: build name: Release (semantic) - uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.7 + uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.8 permissions: contents: write secrets: diff --git a/.github/workflows/release-schedule.yml b/.github/workflows/release-schedule.yml index 8464c7d2..8736496d 100644 --- a/.github/workflows/release-schedule.yml +++ b/.github/workflows/release-schedule.yml @@ -8,7 +8,7 @@ on: jobs: release-schedule: name: "Release: Scheduled" - uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2.3.7 + uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2.3.8 secrets: PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} with: From 4b637cf593d6525c2e0d132d8e2dcae91216e58b Mon Sep 17 00:00:00 2001 
From: Jonas Thelemann Date: Thu, 5 Dec 2024 08:40:25 +0100 Subject: [PATCH 044/105] test(account): registration --- src/verify/function_account_registration.sql | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/src/verify/function_account_registration.sql b/src/verify/function_account_registration.sql index ccd2eb0c..65d018dd 100644 --- a/src/verify/function_account_registration.sql +++ b/src/verify/function_account_registration.sql @@ -2,10 +2,24 @@ BEGIN; +SAVEPOINT function_privileges_for_roles; DO $$ BEGIN - ASSERT (SELECT pg_catalog.has_function_privilege('maevsi_account', 'maevsi.account_registration(TEXT, TEXT, TEXT, TEXT)', 'EXECUTE')); - ASSERT (SELECT pg_catalog.has_function_privilege('maevsi_anonymous', 'maevsi.account_registration(TEXT, TEXT, TEXT, TEXT)', 'EXECUTE')); + IF NOT (SELECT pg_catalog.has_function_privilege('maevsi_account', 'maevsi.account_registration(TEXT, TEXT, TEXT, TEXT)', 'EXECUTE')) THEN + RAISE EXCEPTION 'Test function_privileges_for_roles failed: maevsi_account does not have EXECUTE privilege'; + END IF; + + IF NOT (SELECT pg_catalog.has_function_privilege('maevsi_anonymous', 'maevsi.account_registration(TEXT, TEXT, TEXT, TEXT)', 'EXECUTE')) THEN + RAISE EXCEPTION 'Test function_privileges_for_roles failed: maevsi_anonymous does not have EXECUTE privilege'; + END IF; +END $$; +ROLLBACK TO SAVEPOINT function_privileges_for_roles; + +SAVEPOINT account_creation; +DO $$ +BEGIN + PERFORM maevsi.account_registration('username', 'e@ma.il', 'password', 'en'); END $$; +ROLLBACK TO SAVEPOINT account_creation; ROLLBACK; From d308c21bda037f111c275df3c900b86e7a289d26 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Thu, 5 Dec 2024 08:53:56 +0100 Subject: [PATCH 045/105] fix(account): allow empty birth date --- schema/schema.definition.sql | 2 +- src/deploy/table_account_private.sql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
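Review bot: The new `account_creation` block calls `maevsi.account_registration('username', 'e@ma.il', 'password', 'en')` with fixed values, so its result depends on the data in the target database. Where an account named `username` or using that address already exists, the function raises its `unique_violation` and verify fails for a reason unrelated to the schema. Deriving both values from `gen_random_uuid()` inside the DO block would remove that dependency; any format constraints on `username` are not visible here, so the generated value may need trimming. The block also only proves the call does not raise, so I would capture the returned id and `RAISE EXCEPTION` when it is NULL, in the same style as the privilege checks above it. A comment such as `-- relies on the final ROLLBACK to discard the inserted rows and the queued notification` would make the cleanup assumption explicit.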
diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index b5240e0c..d362b6f4 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -2156,7 +2156,7 @@ COMMENT ON CONSTRAINT report_reason_check ON maevsi.report IS 'Ensures the reaso CREATE TABLE maevsi_private.account ( id uuid DEFAULT gen_random_uuid() NOT NULL, - birth_date date NOT NULL, + birth_date date, created timestamp without time zone DEFAULT now() NOT NULL, email_address text NOT NULL, email_address_verification uuid DEFAULT gen_random_uuid(), diff --git a/src/deploy/table_account_private.sql b/src/deploy/table_account_private.sql index f6d9c301..b36dd1ba 100644 --- a/src/deploy/table_account_private.sql +++ b/src/deploy/table_account_private.sql @@ -7,7 +7,7 @@ BEGIN; CREATE TABLE maevsi_private.account ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), - birth_date DATE NOT NULL, + birth_date DATE, -- TODO: evaluate if this should be `NOT NULL` for all new accounts created TIMESTAMP NOT NULL DEFAULT NOW(), email_address TEXT NOT NULL CHECK (char_length(email_address) < 255) UNIQUE, -- no regex check as "a valid email address is one that you can send emails to" (http://www.dominicsayers.com/isemail/) email_address_verification UUID DEFAULT gen_random_uuid(), From e5b66650b5ef1d429c2485fb8f072b2ff8d420c5 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Thu, 5 Dec 2024 09:24:19 +0100 Subject: [PATCH 046/105] refactor(account): use function variable names in registration --- schema/schema.definition.sql | 16 ++++++++-------- src/deploy/function_account_registration.sql | 12 ++++++------ 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index b5240e0c..365a4976 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
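Review bot: With `birth_date DATE` now nullable, nothing in the schema documentation says what a NULL birth date means, while the neighbouring columns document their null case ("or null if already verified"). I would update the column comment, which sits outside this hunk, to `COMMENT ON COLUMN maevsi_private.account.birth_date IS 'The account owner''s date of birth, or null if not provided.';`. Any code that later derives an age from this column has to treat NULL as unknown rather than as passing a check. The `NOT NULL` decision in the inline TODO is easier to follow up in a tracked issue than in the table definition.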
@@ -388,30 +388,30 @@ COMMENT ON FUNCTION maevsi.account_password_reset_request(email_address text, la CREATE FUNCTION maevsi.account_registration(username text, email_address text, password text, language text) RETURNS uuid LANGUAGE plpgsql STRICT SECURITY DEFINER - AS $_$ + AS $$ DECLARE _new_account_private maevsi_private.account; _new_account_public maevsi.account; _new_account_notify RECORD; BEGIN - IF (char_length($3) < 8) THEN + IF (char_length(account_registration.password) < 8) THEN RAISE 'Password too short!' USING ERRCODE = 'invalid_parameter_value'; END IF; - IF (EXISTS (SELECT 1 FROM maevsi.account WHERE account.username = $1)) THEN + IF (EXISTS (SELECT 1 FROM maevsi.account WHERE account.username = account_registration.username)) THEN RAISE 'An account with this username already exists!' USING ERRCODE = 'unique_violation'; END IF; - IF (EXISTS (SELECT 1 FROM maevsi_private.account WHERE account.email_address = $2)) THEN + IF (EXISTS (SELECT 1 FROM maevsi_private.account WHERE account.email_address = account_registration.email_address)) THEN RAISE 'An account with this email address already exists!' USING ERRCODE = 'unique_violation'; END IF; INSERT INTO maevsi_private.account(email_address, password_hash, last_activity) VALUES - ($2, maevsi.crypt($3, maevsi.gen_salt('bf')), NOW()) + (account_registration.email_address, maevsi.crypt(account_registration.password, maevsi.gen_salt('bf')), NOW()) RETURNING * INTO _new_account_private; INSERT INTO maevsi.account(id, username) VALUES - (_new_account_private.id, $1) + (_new_account_private.id, account_registration.username) RETURNING * INTO _new_account_public; SELECT 
@@ -427,13 +427,13 @@ BEGIN 'account_registration', jsonb_pretty(jsonb_build_object( 'account', row_to_json(_new_account_notify), - 'template', jsonb_build_object('language', $4) + 'template', jsonb_build_object('language', account_registration.language) )) ); RETURN _new_account_public.id; END; -$_$; +$$; ALTER FUNCTION maevsi.account_registration(username text, email_address text, password text, language text) OWNER TO postgres; diff --git a/src/deploy/function_account_registration.sql b/src/deploy/function_account_registration.sql index 25bc93dd..2126ba0b 100644 --- a/src/deploy/function_account_registration.sql +++ b/src/deploy/function_account_registration.sql 
@@ -23,24 +23,24 @@ DECLARE _new_account_public maevsi.account; _new_account_notify RECORD; BEGIN - IF (char_length($3) < 8) THEN + IF (char_length(account_registration.password) < 8) THEN RAISE 'Password too short!' USING ERRCODE = 'invalid_parameter_value'; END IF; - IF (EXISTS (SELECT 1 FROM maevsi.account WHERE account.username = $1)) THEN + IF (EXISTS (SELECT 1 FROM maevsi.account WHERE account.username = account_registration.username)) THEN RAISE 'An account with this username already exists!' USING ERRCODE = 'unique_violation'; END IF; - IF (EXISTS (SELECT 1 FROM maevsi_private.account WHERE account.email_address = $2)) THEN + IF (EXISTS (SELECT 1 FROM maevsi_private.account WHERE account.email_address = account_registration.email_address)) THEN RAISE 'An account with this email address already exists!' USING ERRCODE = 'unique_violation'; END IF; INSERT INTO maevsi_private.account(email_address, password_hash, last_activity) VALUES - ($2, maevsi.crypt($3, maevsi.gen_salt('bf')), NOW()) + (account_registration.email_address, maevsi.crypt(account_registration.password, maevsi.gen_salt('bf')), NOW()) RETURNING * INTO _new_account_private; INSERT INTO maevsi.account(id, username) VALUES - (_new_account_private.id, $1) + (_new_account_private.id, account_registration.username) RETURNING * INTO _new_account_public; SELECT @@ -56,7 +56,7 @@ BEGIN 'account_registration', jsonb_pretty(jsonb_build_object( 'account', row_to_json(_new_account_notify), - 'template', jsonb_build_object('language', $4) + 'template', jsonb_build_object('language', account_registration.language) )) ); From 33bba866eed70099e3161bafecd2c8de98b290be Mon Sep 17 00:00:00 2001 
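Review bot: The two `EXISTS` checks kept by the first hunk of `src/deploy/function_account_registration.sql` raise different messages for a taken username and a taken email address, and the verify script in this series shows `maevsi_anonymous` may execute the function. An unauthenticated caller can therefore learn whether an email address held in `maevsi_private.account` is registered. Consider one generic conflict message for both cases plus rate limiting at the API layer; the `UNIQUE` constraint on `email_address` already prevents duplicates. In the same hunk, `maevsi.gen_salt('bf')` is called without an iteration count; if this is pgcrypto's `gen_salt`, the bcrypt default is 6, and an explicit higher cost such as `maevsi.gen_salt('bf', 12)` is advisable. The function header is outside the hunk, but the dumped definition in `schema/schema.definition.sql` shows `SECURITY DEFINER` with no `SET search_path`, which is worth pinning too.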
From: semantic-release-bot Date: Thu, 5 Dec 2024 08:37:02 +0000 Subject: [PATCH 047/105] chore(release): 4.1.1 [skip ci] ## [4.1.1](https://github.com/maevsi/sqitch/compare/4.1.0...4.1.1) (2024-12-05) ### Bug Fixes * **account:** allow empty birth date ([d308c21](https://github.com/maevsi/sqitch/commit/d308c21bda037f111c275df3c900b86e7a289d26)) --- CHANGELOG.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9b05d6b4..81acd2d0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## [4.1.1](https://github.com/maevsi/sqitch/compare/4.1.0...4.1.1) (2024-12-05) + +### Bug Fixes + +* **account:** allow empty birth date ([d308c21](https://github.com/maevsi/sqitch/commit/d308c21bda037f111c275df3c900b86e7a289d26)) + ## [4.1.0](https://github.com/maevsi/sqitch/compare/4.0.5...4.1.0) (2024-12-02) ### Features diff --git a/package.json b/package.json index d9615a6d..75f6398a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.1.0", + "version": "4.1.1", "private": true, "engines": { "node": "22" From b2c81c4417f7e8d6930198d7167dbb827213bf97 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 6 Dec 2024 00:18:35 +0000 Subject: [PATCH 048/105] chore(deps): update alpine docker tag to v3.21.0 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 10e61161..f680723b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -39,7 +39,7 @@ RUN export SQITCH_TARGET="$(cat SQITCH_TARGET.env)" \ && sqitch revert -t db:pg://postgres:postgres@/maevsi ############################## -FROM alpine:3.20.3 AS validate +FROM alpine:3.21.0 AS validate WORKDIR /srv/app From 4adf22668a09fca2a3b6098d709f37733091ddf6 Mon Sep 17 00:00:00 2001 
From: Jonas Thelemann Date: Fri, 6 Dec 2024 04:44:53 +0100 Subject: [PATCH 049/105] test(account): extend for registration --- src/verify/function_account_registration.sql | 75 +++++++++++++++++++- 1 file changed, 72 insertions(+), 3 deletions(-) diff --git a/src/verify/function_account_registration.sql b/src/verify/function_account_registration.sql index 65d018dd..095c3752 100644 --- a/src/verify/function_account_registration.sql +++ b/src/verify/function_account_registration.sql 
@@ -15,11 +15,80 @@ BEGIN END $$; ROLLBACK TO SAVEPOINT function_privileges_for_roles; -SAVEPOINT account_creation; +SAVEPOINT account_registration; DO $$ BEGIN - PERFORM maevsi.account_registration('username', 'e@ma.il', 'password', 'en'); + PERFORM maevsi.account_registration('username', 'email@example.com', 'password', 'en'); END $$; -ROLLBACK TO SAVEPOINT account_creation; +ROLLBACK TO SAVEPOINT account_registration; + +SAVEPOINT password_length; +DO $$ +BEGIN + PERFORM maevsi.account_registration('username', 'email@example.com', 'short', 'en'); + RAISE EXCEPTION 'Test failed: Password length not enforced'; +EXCEPTION WHEN invalid_parameter_value THEN + NULL; +END $$; +ROLLBACK TO SAVEPOINT password_length; + +SAVEPOINT username_uniqueness; +DO $$ +BEGIN + PERFORM maevsi.account_registration('username-duplicate', 'diff@example.com', 'password', 'en'); + PERFORM maevsi.account_registration('username-duplicate', 'erent@example.com', 'password', 'en'); + RAISE EXCEPTION 'Test failed: Duplicate username not enforced'; +EXCEPTION WHEN unique_violation THEN + NULL; +END $$; +ROLLBACK TO SAVEPOINT username_uniqueness; + +SAVEPOINT email_uniqueness; +DO $$ +BEGIN + PERFORM maevsi.account_registration('username-diff', 'duplicate@example.com', 'password', 'en'); + PERFORM maevsi.account_registration('username-erent', 'duplicate@example.com', 'password', 'en'); + RAISE EXCEPTION 'Test failed: Duplicate email not enforced'; +EXCEPTION WHEN unique_violation THEN + NULL; +END $$; +ROLLBACK TO SAVEPOINT email_uniqueness; + +SAVEPOINT username_null; +DO $$ +BEGIN + PERFORM maevsi.account_registration(NULL, 'email@example.com', 'password', 'en'); + RAISE EXCEPTION 'Test failed: NULL username allowed'; +EXCEPTION WHEN OTHERS THEN + NULL; +END $$; +ROLLBACK TO SAVEPOINT username_null; + +SAVEPOINT username_length; +DO $$ +BEGIN + PERFORM maevsi.account_registration('', 'email@example.com', 'password', 'en'); + RAISE EXCEPTION 'Test failed: Empty username allowed'; +EXCEPTION WHEN 
OTHERS THEN + NULL; +END $$; +ROLLBACK TO SAVEPOINT username_length; + +SAVEPOINT notification; +DO $$ +DECLARE + account_id UUID; +BEGIN + account_id := maevsi.account_registration('username', 'email@example.com', 'password', 'en'); + + IF NOT EXISTS ( + SELECT 1 FROM maevsi_private.notification + WHERE channel = 'account_registration' + AND payload::jsonb -> 'account' ->> 'username' = 'username' + ) THEN + RAISE EXCEPTION 'Test failed: Notification not generated'; + END IF; +END $$; +ROLLBACK TO SAVEPOINT notification; ROLLBACK; From b23fa1d6608275eadef48c33202bf33ae9b92411 Mon Sep 17 00:00:00 2001 From: Sven Thelemann Date: Thu, 21 Nov 2024 12:21:15 +0100 Subject: [PATCH 050/105] feat(account): add social links The tables `social_network` and `account_social_link` have been added to accommodate an account owner's user names in social networks. --- schema/schema.definition.sql | 126 ++++++++++++++++++ src/deploy/table_account_social_link.sql | 20 +++ .../table_account_social_link_policy.sql | 22 +++ src/deploy/table_social_network.sql | 20 +++ src/revert/table_account_social_link.sql | 7 + .../table_account_social_link_policy.sql | 9 ++ src/revert/table_social_network.sql | 7 + src/sqitch.plan | 3 + src/verify/table_account_social_link.sql | 11 ++ .../table_account_social_link_policy.sql | 17 +++ src/verify/table_social_network.sql | 8 ++ 11 files changed, 250 insertions(+) create mode 100644 src/deploy/table_account_social_link.sql create mode 100644 src/deploy/table_account_social_link_policy.sql create mode 100644 src/deploy/table_social_network.sql create mode 100644 src/revert/table_account_social_link.sql create mode 100644 src/revert/table_account_social_link_policy.sql create mode 100644 src/revert/table_social_network.sql create mode 100644 src/verify/table_account_social_link.sql create mode 100644 src/verify/table_account_social_link_policy.sql create mode 100644 src/verify/table_social_network.sql 
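Review bot: In the `username_null` and `username_length` blocks, `EXCEPTION WHEN OTHERS THEN NULL` also catches the `RAISE EXCEPTION 'Test failed: …'` on the line before it, so both tests pass whether or not the registration is rejected. Keep only the registration call inside the protected block and raise the failure outside it, as sketched below for `username_length`, or catch only the specific condition you expect. For `username_null`, the dumped definition declares the function `STRICT`, so a NULL argument makes the call return NULL without raising; that test should assert a NULL result rather than expect an exception.

```sql
-- … unchanged: SAVEPOINT username_length; …
DO $$
DECLARE
  _rejected BOOLEAN := FALSE;
BEGIN
  BEGIN
    PERFORM maevsi.account_registration('', 'email@example.com', 'password', 'en');
  EXCEPTION WHEN OTHERS THEN
    _rejected := TRUE; -- only the registration call is protected
  END;

  IF NOT _rejected THEN
    RAISE EXCEPTION 'Test failed: Empty username allowed';
  END IF;
END $$;
-- … unchanged: ROLLBACK TO SAVEPOINT username_length; …
```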
diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index d35a250c..f1bf222d 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -1579,6 +1579,47 @@ COMMENT ON COLUMN maevsi.account.id IS 'The account''s internal id.'; COMMENT ON COLUMN maevsi.account.username IS 'The account''s username.'; +-- +-- Name: account_social_link; Type: TABLE; Schema: maevsi; Owner: postgres +-- + +CREATE TABLE maevsi.account_social_link ( + account_id uuid NOT NULL, + social_network_name text NOT NULL, + social_network_username text NOT NULL +); + + +ALTER TABLE maevsi.account_social_link OWNER TO postgres; + +-- +-- Name: TABLE account_social_link; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON TABLE maevsi.account_social_link IS 'Collects the account''s user names in social networks.'; + + +-- +-- Name: COLUMN account_social_link.account_id; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.account_social_link.account_id IS 'The account ID.'; + + +-- +-- Name: COLUMN account_social_link.social_network_name; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.account_social_link.social_network_name IS 'The social network name.'; + + +-- +-- Name: COLUMN account_social_link.social_network_username; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.account_social_link.social_network_username IS 'The account owner''s user name in the social network.'; + + -- -- Name: achievement; Type: TABLE; Schema: maevsi; Owner: postgres -- 
@@ -2150,6 +2191,31 @@ COMMENT ON CONSTRAINT report_check ON maevsi.report IS 'Ensures that the report COMMENT ON CONSTRAINT report_reason_check ON maevsi.report IS 'Ensures the reason field contains between 1 and 2000 characters.'; +-- +-- Name: social_network; Type: TABLE; Schema: maevsi; Owner: postgres +-- + +CREATE TABLE maevsi.social_network ( + name text NOT NULL +); + + +ALTER TABLE maevsi.social_network OWNER TO postgres; + +-- +-- Name: TABLE social_network; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON TABLE maevsi.social_network IS 'Social networks.'; + + +-- +-- Name: COLUMN social_network.name; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.social_network.name IS 'A social network name.'; + + -- -- Name: account; Type: TABLE; Schema: maevsi_private; Owner: postgres -- @@ -2885,6 +2951,14 @@ ALTER TABLE ONLY maevsi.account ADD CONSTRAINT account_pkey PRIMARY KEY (id); +-- +-- Name: account_social_link account_social_link_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.account_social_link + ADD CONSTRAINT account_social_link_pkey PRIMARY KEY (account_id, social_network_name); + + -- -- Name: account account_username_key; Type: CONSTRAINT; Schema: maevsi; Owner: postgres -- @@ -3052,6 +3126,14 @@ ALTER TABLE ONLY maevsi.report ADD CONSTRAINT report_pkey PRIMARY KEY (id); +-- +-- Name: social_network social_network_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.social_network + ADD CONSTRAINT social_network_pkey PRIMARY KEY (name); + + -- -- Name: upload upload_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres -- 
@@ -3330,6 +3412,22 @@ ALTER TABLE ONLY maevsi.account ADD CONSTRAINT account_id_fkey FOREIGN KEY (id) REFERENCES maevsi_private.account(id) ON DELETE CASCADE; +-- +-- Name: account_social_link account_social_link_account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.account_social_link + ADD CONSTRAINT account_social_link_account_id_fkey FOREIGN KEY (account_id) REFERENCES maevsi.account(id) ON DELETE CASCADE; + + +-- +-- Name: account_social_link account_social_link_social_network_name_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.account_social_link + ADD CONSTRAINT account_social_link_social_network_name_fkey FOREIGN KEY (social_network_name) REFERENCES maevsi.social_network(name) ON DELETE CASCADE; + + -- -- Name: achievement achievement_account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres -- 
@@ -3535,6 +3633,27 @@ ALTER TABLE maevsi.account ENABLE ROW LEVEL SECURITY; CREATE POLICY account_select ON maevsi.account FOR SELECT USING (true); +-- +-- Name: account_social_link account_social_link_delete; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY account_social_link_delete ON maevsi.account_social_link FOR DELETE USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); + + +-- +-- Name: account_social_link account_social_link_insert; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY account_social_link_insert ON maevsi.account_social_link FOR INSERT WITH CHECK ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); + + +-- +-- Name: account_social_link account_social_link_select; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY account_social_link_select ON maevsi.account_social_link FOR SELECT USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); + + -- -- Name: achievement; Type: ROW SECURITY; Schema: maevsi; Owner: postgres -- @@ -4321,6 +4440,13 @@ GRANT SELECT ON TABLE maevsi.account TO maevsi_account; GRANT SELECT ON TABLE maevsi.account TO maevsi_anonymous; +-- +-- Name: TABLE account_social_link; Type: ACL; Schema: maevsi; Owner: postgres +-- + +GRANT SELECT,INSERT,DELETE ON TABLE maevsi.account_social_link TO maevsi_account; + + -- -- Name: TABLE achievement; Type: ACL; Schema: maevsi; Owner: postgres -- diff --git a/src/deploy/table_account_social_link.sql b/src/deploy/table_account_social_link.sql new file mode 100644 index 00000000..19e4bd38 --- /dev/null +++ b/src/deploy/table_account_social_link.sql 
@@ -0,0 +1,20 @@ +-- Deploy maevsi:table_event_category_mapping to pg +-- requires: schema_public +-- requires: table_account +-- requires: table_social_network + +BEGIN; + +CREATE TABLE maevsi.account_social_link ( + account_id UUID NOT NULL REFERENCES maevsi.account(id) ON DELETE CASCADE, + social_network_name TEXT NOT NULL REFERENCES maevsi.social_network(name) ON DELETE CASCADE, + social_network_username TEXT NOT NULL, + PRIMARY KEY (account_id, social_network_name) +); + +COMMENT ON TABLE maevsi.account_social_link IS 'Collects the account''s user names in social networks.'; +COMMENT ON COLUMN maevsi.account_social_link.account_id IS 'The account ID.'; +COMMENT ON COLUMN maevsi.account_social_link.social_network_name IS 'The social network name.'; +COMMENT ON COLUMN maevsi.account_social_link.social_network_username IS 'The account owner''s user name in the social network.'; + +COMMIT; diff --git a/src/deploy/table_account_social_link_policy.sql b/src/deploy/table_account_social_link_policy.sql new file mode 100644 index 00000000..a4bb45eb --- /dev/null +++ b/src/deploy/table_account_social_link_policy.sql 
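Review bot: In `src/deploy/table_account_social_link.sql`, `social_network_username` is stored as unconstrained `TEXT`, so an account can save an empty or arbitrarily long value, and whatever later turns it into a profile link has to treat it as untrusted input. A bound in the table protects every writer, e.g. `social_network_username TEXT NOT NULL CHECK (char_length(social_network_username) BETWEEN 1 AND 100),` (the limit is illustrative). The header comment also names the wrong change (`-- Deploy maevsi:table_event_category_mapping to pg`), and `-- requires: table_account` does not match the `table_account_public` dependency declared in `sqitch.plan`.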
@@ -0,0 +1,22 @@ +-- Deploy maevsi:table_account_social_link_policy to pg + +BEGIN; + +GRANT SELECT, INSERT, DELETE ON TABLE maevsi.account_social_link TO maevsi_account; + +-- Only allow selects for social links of the current account. +CREATE POLICY account_social_link_select ON maevsi.account_social_link FOR SELECT USING ( + account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID +); + +-- Only allow inserting social links of the current account. +CREATE POLICY account_social_link_insert ON maevsi.account_social_link FOR INSERT WITH CHECK ( + account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID +); + +-- Only allow deleting social links of the current account.. +CREATE POLICY account_social_link_delete ON maevsi.account_social_link FOR DELETE USING ( + account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID +); + +COMMIT; diff --git a/src/deploy/table_social_network.sql b/src/deploy/table_social_network.sql new file mode 100644 index 00000000..0317a099 --- /dev/null +++ b/src/deploy/table_social_network.sql @@ -0,0 +1,20 @@ +-- Deploy maevsi:table_social_network to pg +-- requires: schema_public + +BEGIN; + +CREATE TABLE maevsi.social_network ( + name TEXT PRIMARY KEY +); + +COMMENT ON TABLE maevsi.social_network IS 'Social networks.'; +COMMENT ON COLUMN maevsi.social_network.name IS 'A social network name.'; + +INSERT INTO maevsi.social_network (name) +VALUES + ('Instagram'), + ('TikTok'), + ('Facebook'), + ('X'); + +COMMIT; diff --git a/src/revert/table_account_social_link.sql b/src/revert/table_account_social_link.sql new file mode 100644 index 00000000..839987f3 --- /dev/null +++ b/src/revert/table_account_social_link.sql @@ -0,0 +1,7 @@ +-- Revert maevsi:table_account_social_link from pg + +BEGIN; + +DROP TABLE maevsi.account_social_link ; + +COMMIT; 
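Review bot: `src/deploy/table_account_social_link_policy.sql` creates three policies but never enables row level security on the table, and neither the table's deploy script nor the dump hunks in this commit show an `ENABLE ROW LEVEL SECURITY` for `account_social_link`. Without it PostgreSQL does not apply the policies, so `GRANT SELECT, INSERT, DELETE ... TO maevsi_account` would let any account read, insert and delete every account's rows. Add `ALTER TABLE maevsi.account_social_link ENABLE ROW LEVEL SECURITY;` before the first `CREATE POLICY`. The matching verify script checks only table privileges; it should also check `relrowsecurity` in `pg_catalog.pg_class` for this table so the omission is caught.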
diff --git a/src/revert/table_account_social_link_policy.sql b/src/revert/table_account_social_link_policy.sql new file mode 100644 index 00000000..55c31b53 --- /dev/null +++ b/src/revert/table_account_social_link_policy.sql @@ -0,0 +1,9 @@ +-- Revert maevsi:table_account_social_link_policy from pg + +BEGIN; + +DROP POLICY account_social_link_select ON maevsi.account_social_link; +DROP POLICY account_social_link_insert ON maevsi.account_social_link; +DROP POLICY account_social_link_delete ON maevsi.account_social_link; + +COMMIT; diff --git a/src/revert/table_social_network.sql b/src/revert/table_social_network.sql new file mode 100644 index 00000000..a1ed9a29 --- /dev/null +++ b/src/revert/table_social_network.sql @@ -0,0 +1,7 @@ +-- Revert maevsi:table_social_network from pg + +BEGIN; + +DROP TABLE maevsi.social_network; + +COMMIT; diff --git a/src/sqitch.plan b/src/sqitch.plan index 4a6e4504..91ae3143 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan @@ -69,3 +69,6 @@ table_report [schema_public table_account_public table_event table_upload] 1970- table_report_policy [schema_public table_report role_account] 1970-01-01T00:00:00Z Marlon # Access policies for reports. table_legal_term [schema_public role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Legal terms like privacy policies or terms of service. table_legal_term_acceptance [schema_public table_account_public table_legal_term role_account] 1970-01-01T00:00:00Z Jonas Thelemann # Tracks each user account's acceptance of legal terms and conditions. +table_social_network [schema_public] 2024-11-21T12:15:00Z sven # Social networks. +table_account_social_link [schema_public table_account_public table_social_network] 2024-11-21T12:15:00Z sven # Collects the account''s user names in social networks. +table_account_social_link_policy [schema_public table_social_network role_account] 2024-11-21T12:15:00Z sven # Row level security policies for table account_social_link. 
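Review bot: In the `src/sqitch.plan` hunk, the entry for `table_account_social_link_policy` lists `table_social_network` as a dependency, but the policies are created on `maevsi.account_social_link`. It should require `table_account_social_link` instead: `table_account_social_link_policy [schema_public table_account_social_link role_account] ...`. The note on the `table_account_social_link` entry also carries a doubled apostrophe (`account''s`), which is SQL escaping copied into a plain-text note.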
diff --git a/src/verify/table_account_social_link.sql b/src/verify/table_account_social_link.sql new file mode 100644 index 00000000..fbf50564 --- /dev/null +++ b/src/verify/table_account_social_link.sql @@ -0,0 +1,11 @@ +-- Verify maevsi:table_account_social_link on pg + +BEGIN; + +SELECT + account_id, + social_network_name + social_network_username +FROM maevsi.account_social_link WHERE FALSE; + +ROLLBACK; diff --git a/src/verify/table_account_social_link_policy.sql b/src/verify/table_account_social_link_policy.sql new file mode 100644 index 00000000..4a8748e4 --- /dev/null +++ b/src/verify/table_account_social_link_policy.sql @@ -0,0 +1,17 @@ +-- Verify maevsi:table_account_social_link_policy on pg + +BEGIN; + +DO $$ +BEGIN + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_social_link', 'SELECT')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_social_link', 'INSERT')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_social_link', 'DELETE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_social_link', 'UPDATE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_social_link', 'SELECT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_social_link', 'INSERT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_social_link', 'DELETE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_social_link', 'UPDATE')); +END $$; + +ROLLBACK; diff --git a/src/verify/table_social_network.sql b/src/verify/table_social_network.sql new file mode 100644 index 00000000..7eaefe1c --- /dev/null +++ b/src/verify/table_social_network.sql @@ -0,0 +1,8 @@ +-- Verify maevsi:table_social_network on pg + +BEGIN; + +SELECT "name" +FROM maevsi.social_network WHERE FALSE; + +ROLLBACK; 
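Review bot: In `src/verify/table_account_social_link.sql` the comma after `social_network_name` is missing, so `social_network_username` is parsed as a column alias and the verify query never checks that the column exists. Change the line to `social_network_name,`. The policy verify in `src/verify/table_account_social_link_policy.sql` uses `ASSERT`, which is skipped when `plpgsql.check_asserts` is off; the `IF NOT … THEN RAISE EXCEPTION` form already used in `function_account_registration.sql` avoids that.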
From 605cd773d156cfe4d24764d88b3ee294fce6bfbc Mon Sep 17 00:00:00 2001 
From: Jonas Thelemann Date: Fri, 6 Dec 2024 05:59:21 +0100 Subject: [PATCH 051/105] feat(social-network): rework --- schema/schema.definition.sql | 122 ++++++++---------- src/deploy/enum_social_network.sql | 15 +++ src/deploy/table_account_social_link.sql | 20 --- .../table_account_social_link_policy.sql | 22 ---- src/deploy/table_account_social_network.sql | 22 ++++ .../table_account_social_network_policy.sql | 23 ++++ src/deploy/table_social_network.sql | 20 --- src/revert/enum_social_network.sql | 7 + src/revert/table_account_social_link.sql | 7 - .../table_account_social_link_policy.sql | 9 -- src/revert/table_account_social_network.sql | 7 + .../table_account_social_network_policy.sql | 9 ++ src/revert/table_social_network.sql | 7 - src/sqitch.plan | 6 +- src/verify/enum_social_network.sql | 10 ++ src/verify/table_account_social_link.sql | 11 -- .../table_account_social_link_policy.sql | 17 --- src/verify/table_account_social_network.sql | 11 ++ .../table_account_social_network_policy.sql | 102 +++++++++++++++ src/verify/table_social_network.sql | 8 -- 20 files changed, 264 insertions(+), 191 deletions(-) create mode 100644 src/deploy/enum_social_network.sql delete mode 100644 src/deploy/table_account_social_link.sql delete mode 100644 src/deploy/table_account_social_link_policy.sql create mode 100644 src/deploy/table_account_social_network.sql create mode 100644 src/deploy/table_account_social_network_policy.sql delete mode 100644 src/deploy/table_social_network.sql create mode 100644 src/revert/enum_social_network.sql delete mode 100644 src/revert/table_account_social_link.sql delete mode 100644 src/revert/table_account_social_link_policy.sql create mode 100644 src/revert/table_account_social_network.sql create mode 100644 src/revert/table_account_social_network_policy.sql delete mode 100644 src/revert/table_social_network.sql create mode 100644 src/verify/enum_social_network.sql delete mode 100644 src/verify/table_account_social_link.sql delete mode 100644 
src/verify/table_account_social_link_policy.sql create mode 100644 src/verify/table_account_social_network.sql create mode 100644 src/verify/table_account_social_network_policy.sql delete mode 100644 src/verify/table_social_network.sql diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index f1bf222d..fe0ed2a7 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -182,6 +182,27 @@ ALTER TYPE maevsi.invitation_feedback_paper OWNER TO postgres; COMMENT ON TYPE maevsi.invitation_feedback_paper IS 'Possible choices on how to receive a paper invitation: none, paper, digital.'; +-- +-- Name: social_network; Type: TYPE; Schema: maevsi; Owner: postgres +-- + +CREATE TYPE maevsi.social_network AS ENUM ( + 'facebook', + 'instagram', + 'tiktok', + 'x' +); + + +ALTER TYPE maevsi.social_network OWNER TO postgres; + +-- +-- Name: TYPE social_network; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON TYPE maevsi.social_network IS 'Social networks.'; + + -- -- Name: account_delete(text); Type: FUNCTION; Schema: maevsi; Owner: postgres -- 
@@ -1580,44 +1601,44 @@ COMMENT ON COLUMN maevsi.account.username IS 'The account''s username.'; -- --- Name: account_social_link; Type: TABLE; Schema: maevsi; Owner: postgres +-- Name: account_social_network; Type: TABLE; Schema: maevsi; Owner: postgres -- -CREATE TABLE maevsi.account_social_link ( +CREATE TABLE maevsi.account_social_network ( account_id uuid NOT NULL, - social_network_name text NOT NULL, + social_network maevsi.social_network NOT NULL, social_network_username text NOT NULL ); -ALTER TABLE maevsi.account_social_link OWNER TO postgres; +ALTER TABLE maevsi.account_social_network OWNER TO postgres; -- --- Name: TABLE account_social_link; Type: COMMENT; Schema: maevsi; Owner: postgres +-- Name: TABLE account_social_network; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON TABLE maevsi.account_social_link IS 'Collects the account''s user names in social networks.'; +COMMENT ON TABLE maevsi.account_social_network IS 'Links accounts to their social media profiles. 
Each entry represents a specific social network and associated username for an account.'; -- --- Name: COLUMN account_social_link.account_id; Type: COMMENT; Schema: maevsi; Owner: postgres +-- Name: COLUMN account_social_network.account_id; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.account_social_link.account_id IS 'The account ID.'; +COMMENT ON COLUMN maevsi.account_social_network.account_id IS 'The unique identifier of the account.'; -- --- Name: COLUMN account_social_link.social_network_name; Type: COMMENT; Schema: maevsi; Owner: postgres +-- Name: COLUMN account_social_network.social_network; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.account_social_link.social_network_name IS 'The social network name.'; +COMMENT ON COLUMN maevsi.account_social_network.social_network IS 'The social network to which the account is linked.'; -- --- Name: COLUMN account_social_link.social_network_username; Type: COMMENT; Schema: maevsi; Owner: postgres +-- Name: COLUMN account_social_network.social_network_username; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.account_social_link.social_network_username IS 'The account owner''s user name in the social network.'; +COMMENT ON COLUMN maevsi.account_social_network.social_network_username IS 'The username of the account on the specified social network.'; -- 
@@ -2191,31 +2212,6 @@ COMMENT ON CONSTRAINT report_check ON maevsi.report IS 'Ensures that the report COMMENT ON CONSTRAINT report_reason_check ON maevsi.report IS 'Ensures the reason field contains between 1 and 2000 characters.'; --- --- Name: social_network; Type: TABLE; Schema: maevsi; Owner: postgres --- - -CREATE TABLE maevsi.social_network ( - name text NOT NULL -); - - -ALTER TABLE maevsi.social_network OWNER TO postgres; - --- --- Name: TABLE social_network; Type: COMMENT; Schema: maevsi; Owner: postgres --- - -COMMENT ON TABLE maevsi.social_network IS 'Social networks.'; - - --- --- Name: COLUMN social_network.name; Type: COMMENT; Schema: maevsi; Owner: postgres --- - -COMMENT ON COLUMN maevsi.social_network.name IS 'A social network name.'; - - -- -- Name: account; Type: TABLE; Schema: maevsi_private; Owner: postgres -- @@ -2952,11 +2948,18 @@ ALTER TABLE ONLY maevsi.account -- --- Name: account_social_link account_social_link_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- Name: account_social_network account_social_network_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.account_social_network + ADD CONSTRAINT account_social_network_pkey PRIMARY KEY (account_id, social_network); + + +-- +-- Name: CONSTRAINT account_social_network_pkey ON account_social_network; Type: COMMENT; Schema: maevsi; Owner: postgres -- -ALTER TABLE ONLY maevsi.account_social_link - ADD CONSTRAINT account_social_link_pkey PRIMARY KEY (account_id, social_network_name); +COMMENT ON CONSTRAINT account_social_network_pkey ON maevsi.account_social_network IS 'Ensures uniqueness by combining the account ID and social network, allowing each account to have a single entry per social network.'; -- 
@@ -3126,14 +3129,6 @@ ALTER TABLE ONLY maevsi.report ADD CONSTRAINT report_pkey PRIMARY KEY (id); --- --- Name: social_network social_network_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres --- - -ALTER TABLE ONLY maevsi.social_network - ADD CONSTRAINT social_network_pkey PRIMARY KEY (name); - - -- -- Name: upload upload_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres -- @@ -3413,19 +3408,11 @@ ALTER TABLE ONLY maevsi.account -- --- Name: account_social_link account_social_link_account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres --- - -ALTER TABLE ONLY maevsi.account_social_link - ADD CONSTRAINT account_social_link_account_id_fkey FOREIGN KEY (account_id) REFERENCES maevsi.account(id) ON DELETE CASCADE; - - --- --- Name: account_social_link account_social_link_social_network_name_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- Name: account_social_network account_social_network_account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres -- -ALTER TABLE ONLY maevsi.account_social_link - ADD CONSTRAINT account_social_link_social_network_name_fkey FOREIGN KEY (social_network_name) REFERENCES maevsi.social_network(name) ON DELETE CASCADE; +ALTER TABLE ONLY maevsi.account_social_network + ADD CONSTRAINT account_social_network_account_id_fkey FOREIGN KEY (account_id) REFERENCES maevsi.account(id) ON DELETE CASCADE; -- 
@@ -3634,24 +3621,24 @@ CREATE POLICY account_select ON maevsi.account FOR SELECT USING (true); -- --- Name: account_social_link account_social_link_delete; Type: POLICY; Schema: maevsi; Owner: postgres +-- Name: account_social_network account_social_network_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_social_link_delete ON maevsi.account_social_link FOR DELETE USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); +CREATE POLICY account_social_network_delete ON maevsi.account_social_network FOR DELETE USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); -- --- Name: account_social_link account_social_link_insert; Type: POLICY; Schema: maevsi; Owner: postgres +-- Name: account_social_network account_social_network_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_social_link_insert ON maevsi.account_social_link FOR INSERT WITH CHECK ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); +CREATE POLICY account_social_network_insert ON maevsi.account_social_network FOR INSERT WITH CHECK ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); -- --- Name: account_social_link account_social_link_select; Type: POLICY; Schema: maevsi; Owner: postgres +-- Name: account_social_network account_social_network_update; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_social_link_select ON maevsi.account_social_link FOR SELECT USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); +CREATE POLICY account_social_network_update ON maevsi.account_social_network FOR UPDATE USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); -- 
@@ -4441,10 +4428,11 @@ GRANT SELECT ON TABLE maevsi.account TO maevsi_anonymous; -- --- Name: TABLE account_social_link; Type: ACL; Schema: maevsi; Owner: postgres +-- Name: TABLE account_social_network; Type: ACL; Schema: maevsi; Owner: postgres -- -GRANT SELECT,INSERT,DELETE ON TABLE maevsi.account_social_link TO maevsi_account; +GRANT SELECT ON TABLE maevsi.account_social_network TO maevsi_anonymous; +GRANT SELECT,INSERT,DELETE,UPDATE ON TABLE maevsi.account_social_network TO maevsi_account; -- diff --git a/src/deploy/enum_social_network.sql b/src/deploy/enum_social_network.sql new file mode 100644 index 00000000..b71aa60f --- /dev/null +++ b/src/deploy/enum_social_network.sql @@ -0,0 +1,15 @@ +-- Deploy maevsi:enum_social_network to pg +-- requires: schema_public + +BEGIN; + +CREATE TYPE maevsi.social_network AS ENUM ( + 'facebook', + 'instagram', + 'tiktok', + 'x' +); + +COMMENT ON TYPE maevsi.social_network IS 'Social networks.'; + +COMMIT; diff --git a/src/deploy/table_account_social_link.sql b/src/deploy/table_account_social_link.sql deleted file mode 100644 index 19e4bd38..00000000 --- a/src/deploy/table_account_social_link.sql +++ /dev/null 
@@ -1,20 +0,0 @@ --- Deploy maevsi:table_event_category_mapping to pg --- requires: schema_public --- requires: table_account --- requires: table_social_network - -BEGIN; - -CREATE TABLE maevsi.account_social_link ( - account_id UUID NOT NULL REFERENCES maevsi.account(id) ON DELETE CASCADE, - social_network_name TEXT NOT NULL REFERENCES maevsi.social_network(name) ON DELETE CASCADE, - social_network_username TEXT NOT NULL, - PRIMARY KEY (account_id, social_network_name) -); - -COMMENT ON TABLE maevsi.account_social_link IS 'Collects the account''s user names in social networks.'; -COMMENT ON COLUMN maevsi.account_social_link.account_id IS 'The account ID.'; -COMMENT ON COLUMN maevsi.account_social_link.social_network_name IS 'The social network name.'; -COMMENT ON COLUMN maevsi.account_social_link.social_network_username IS 'The account owner''s user name in the social network.'; - -COMMIT; diff --git a/src/deploy/table_account_social_link_policy.sql b/src/deploy/table_account_social_link_policy.sql deleted file mode 100644 index a4bb45eb..00000000 --- a/src/deploy/table_account_social_link_policy.sql +++ /dev/null 
@@ -1,22 +0,0 @@ --- Deploy maevsi:table_account_social_link_policy to pg - -BEGIN; - -GRANT SELECT, INSERT, DELETE ON TABLE maevsi.account_social_link TO maevsi_account; - --- Only allow selects for social links of the current account. -CREATE POLICY account_social_link_select ON maevsi.account_social_link FOR SELECT USING ( - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID -); - --- Only allow inserting social links of the current account. -CREATE POLICY account_social_link_insert ON maevsi.account_social_link FOR INSERT WITH CHECK ( - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID -); - --- Only allow deleting social links of the current account.. -CREATE POLICY account_social_link_delete ON maevsi.account_social_link FOR DELETE USING ( - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID -); - -COMMIT; diff --git a/src/deploy/table_account_social_network.sql b/src/deploy/table_account_social_network.sql new file mode 100644 index 00000000..178dab0e --- /dev/null +++ b/src/deploy/table_account_social_network.sql 
@@ -0,0 +1,22 @@
+-- Deploy maevsi:table_event_category_mapping to pg
+-- requires: schema_public
+-- requires: table_account
+-- requires: enum_social_network
+
+BEGIN;
+
+CREATE TABLE maevsi.account_social_network (
+ account_id UUID NOT NULL REFERENCES maevsi.account(id) ON DELETE CASCADE,
+ social_network maevsi.social_network NOT NULL,
+ social_network_username TEXT NOT NULL,
+
+ PRIMARY KEY (account_id, social_network)
+);
+
+COMMENT ON TABLE maevsi.account_social_network IS 'Links accounts to their social media profiles. Each entry represents a specific social network and associated username for an account.';
+COMMENT ON COLUMN maevsi.account_social_network.account_id IS 'The unique identifier of the account.';
+COMMENT ON COLUMN maevsi.account_social_network.social_network IS 'The social network to which the account is linked.';
+COMMENT ON COLUMN maevsi.account_social_network.social_network_username IS 'The username of the account on the specified social network.';
+COMMENT ON CONSTRAINT account_social_network_pkey ON maevsi.account_social_network IS 'Ensures uniqueness by combining the account ID and social network, allowing each account to have a single entry per social network.';
+
+COMMIT;
diff --git a/src/deploy/table_account_social_network_policy.sql b/src/deploy/table_account_social_network_policy.sql
new file mode 100644
index 00000000..2a10f320
--- /dev/null
+++ b/src/deploy/table_account_social_network_policy.sql
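Review bot: `social_network_username` is declared as plain `TEXT NOT NULL`, so an empty string or an arbitrarily long value is accepted, and the policy script of this commit grants `SELECT` on the table to `maevsi_anonymous`, which makes the stored value publicly readable. A bound at the table level protects every writer, for example `social_network_username TEXT NOT NULL CHECK (char_length(social_network_username) BETWEEN 1 AND 100),` (the limit of 100 is a constructed sample; pick it per the networks in the enum). The header comment also still reads `-- Deploy maevsi:table_event_category_mapping to pg`, carried over from the removed script, and should be `-- Deploy maevsi:table_account_social_network to pg`.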
@@ -0,0 +1,23 @@
+-- Deploy maevsi:table_account_social_network_policy to pg
+
+BEGIN;
+
+GRANT SELECT ON TABLE maevsi.account_social_network TO maevsi_anonymous;
+GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE maevsi.account_social_network TO maevsi_account;
+
+-- Only allow inserting social links of the current account.
+CREATE POLICY account_social_network_insert ON maevsi.account_social_network FOR INSERT WITH CHECK (
+ account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID
+);
+
+-- Only allow updating social links of the current account.
+CREATE POLICY account_social_network_update ON maevsi.account_social_network FOR UPDATE USING (
+ account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID
+);
+
+-- Only allow deleting social links of the current account..
+CREATE POLICY account_social_network_delete ON maevsi.account_social_network FOR DELETE USING (
+ account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID
+);
+
+COMMIT;
diff --git a/src/deploy/table_social_network.sql b/src/deploy/table_social_network.sql
deleted file mode 100644
index 0317a099..00000000
--- a/src/deploy/table_social_network.sql
+++ /dev/null
@@ -1,20 +0,0 @@
--- Deploy maevsi:table_social_network to pg
--- requires: schema_public
-
-BEGIN;
-
-CREATE TABLE maevsi.social_network (
- name TEXT PRIMARY KEY
-);
-
-COMMENT ON TABLE maevsi.social_network IS 'Social networks.';
-COMMENT ON COLUMN maevsi.social_network.name IS 'A social network name.';
-
-INSERT INTO maevsi.social_network (name)
-VALUES
- ('Instagram'),
- ('TikTok'),
- ('Facebook'),
- ('X');
-
-COMMIT;
diff --git a/src/revert/enum_social_network.sql b/src/revert/enum_social_network.sql
new file mode 100644
index 00000000..14dcf278
--- /dev/null
+++ b/src/revert/enum_social_network.sql
@@ -0,0 +1,7 @@
+-- Revert maevsi:enum_social_network from pg
+
+BEGIN;
+
+DROP TYPE maevsi.social_network;
+
+COMMIT;
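Review bot: The three policies in `src/deploy/table_account_social_network_policy.sql` are never enforced, because the script creates them without enabling row level security on `maevsi.account_social_network`. Combined with `GRANT SELECT, INSERT, UPDATE, DELETE ... TO maevsi_account`, every authenticated account can insert, change or delete rows that belong to other accounts. Add `ALTER TABLE maevsi.account_social_network ENABLE ROW LEVEL SECURITY;` before the first `CREATE POLICY`, and have the verify script assert it, e.g. by checking `relrowsecurity` in `pg_catalog.pg_class` for the table.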
diff --git a/src/revert/table_account_social_link.sql b/src/revert/table_account_social_link.sql deleted file mode 100644 index 839987f3..00000000 --- a/src/revert/table_account_social_link.sql +++ /dev/null @@ -1,7 +0,0 @@ --- Revert maevsi:table_account_social_link from pg - -BEGIN; - -DROP TABLE maevsi.account_social_link ; - -COMMIT; diff --git a/src/revert/table_account_social_link_policy.sql b/src/revert/table_account_social_link_policy.sql deleted file mode 100644 index 55c31b53..00000000 --- a/src/revert/table_account_social_link_policy.sql +++ /dev/null @@ -1,9 +0,0 @@ --- Revert maevsi:table_account_social_link_policy from pg - -BEGIN; - -DROP POLICY account_social_link_select ON maevsi.account_social_link; -DROP POLICY account_social_link_insert ON maevsi.account_social_link; -DROP POLICY account_social_link_delete ON maevsi.account_social_link; - -COMMIT; diff --git a/src/revert/table_account_social_network.sql b/src/revert/table_account_social_network.sql new file mode 100644 index 00000000..1fe9f072 --- /dev/null +++ b/src/revert/table_account_social_network.sql @@ -0,0 +1,7 @@ +-- Revert maevsi:table_account_social_network from pg + +BEGIN; + +DROP TABLE maevsi.account_social_network ; + +COMMIT; diff --git a/src/revert/table_account_social_network_policy.sql b/src/revert/table_account_social_network_policy.sql new file mode 100644 index 00000000..87be1edc --- /dev/null +++ b/src/revert/table_account_social_network_policy.sql @@ -0,0 +1,9 @@ +-- Revert maevsi:table_account_social_network_policy from pg + +BEGIN; + +DROP POLICY account_social_network_insert ON maevsi.account_social_network; +DROP POLICY account_social_network_update ON maevsi.account_social_network; +DROP POLICY account_social_network_delete ON maevsi.account_social_network; + +COMMIT; diff --git a/src/revert/table_social_network.sql b/src/revert/table_social_network.sql deleted file mode 100644 index a1ed9a29..00000000 --- a/src/revert/table_social_network.sql +++ /dev/null 
@@ -1,7 +0,0 @@ --- Revert maevsi:table_social_network from pg - -BEGIN; - -DROP TABLE maevsi.social_network; - -COMMIT; diff --git a/src/sqitch.plan b/src/sqitch.plan index 91ae3143..1cf4f7c5 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan @@ -69,6 +69,6 @@ table_report [schema_public table_account_public table_event table_upload] 1970- table_report_policy [schema_public table_report role_account] 1970-01-01T00:00:00Z Marlon # Access policies for reports. table_legal_term [schema_public role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Legal terms like privacy policies or terms of service. table_legal_term_acceptance [schema_public table_account_public table_legal_term role_account] 1970-01-01T00:00:00Z Jonas Thelemann # Tracks each user account's acceptance of legal terms and conditions. -table_social_network [schema_public] 2024-11-21T12:15:00Z sven # Social networks. -table_account_social_link [schema_public table_account_public table_social_network] 2024-11-21T12:15:00Z sven # Collects the account''s user names in social networks. -table_account_social_link_policy [schema_public table_social_network role_account] 2024-11-21T12:15:00Z sven # Row level security policies for table account_social_link. +enum_social_network [schema_public] 1970-01-01T00:00:00Z sven # Social networks. +table_account_social_network [schema_public table_account_public enum_social_network] 1970-01-01T00:00:00Z sven # Links accounts to their social media profiles. +table_account_social_network_policy [schema_public table_account_social_network role_account] 1970-01-01T00:00:00Z sven # Row level security policies for table account_social_network. diff --git a/src/verify/enum_social_network.sql b/src/verify/enum_social_network.sql new file mode 100644 index 00000000..8fc989b4 --- /dev/null +++ b/src/verify/enum_social_network.sql 
@@ -0,0 +1,10 @@ +-- Verify maevsi:enum_social_network on pg + +BEGIN; + +DO $$ +BEGIN + ASSERT (SELECT pg_catalog.has_type_privilege('maevsi.social_network', 'USAGE')); +END $$; + +ROLLBACK; diff --git a/src/verify/table_account_social_link.sql b/src/verify/table_account_social_link.sql deleted file mode 100644 index fbf50564..00000000 --- a/src/verify/table_account_social_link.sql +++ /dev/null @@ -1,11 +0,0 @@ --- Verify maevsi:table_account_social_link on pg - -BEGIN; - -SELECT - account_id, - social_network_name - social_network_username -FROM maevsi.account_social_link WHERE FALSE; - -ROLLBACK; diff --git a/src/verify/table_account_social_link_policy.sql b/src/verify/table_account_social_link_policy.sql deleted file mode 100644 index 4a8748e4..00000000 --- a/src/verify/table_account_social_link_policy.sql +++ /dev/null @@ -1,17 +0,0 @@ --- Verify maevsi:table_account_social_link_policy on pg - -BEGIN; - -DO $$ -BEGIN - ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_social_link', 'SELECT')); - ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_social_link', 'INSERT')); - ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_social_link', 'DELETE')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_social_link', 'UPDATE')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_social_link', 'SELECT')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_social_link', 'INSERT')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_social_link', 'DELETE')); - ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_social_link', 'UPDATE')); -END $$; - -ROLLBACK; diff --git a/src/verify/table_account_social_network.sql b/src/verify/table_account_social_network.sql new file mode 100644 index 00000000..0bef8657 
--- /dev/null
+++ b/src/verify/table_account_social_network.sql
@@ -0,0 +1,11 @@
+-- Verify maevsi:table_account_social_network on pg
+
+BEGIN;
+
+SELECT
+ account_id,
+ social_network
+ social_network_username
+FROM maevsi.account_social_network WHERE FALSE;
+
+ROLLBACK;
diff --git a/src/verify/table_account_social_network_policy.sql b/src/verify/table_account_social_network_policy.sql
new file mode 100644
index 00000000..dd9ada1a
--- /dev/null
+++ b/src/verify/table_account_social_network_policy.sql
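Review bot: A comma is missing after `social_network` in the column list of `src/verify/table_account_social_network.sql`, so PostgreSQL reads `social_network social_network_username` as one column with an alias and the script never references the `social_network_username` column. Change the line to `social_network,` so that a missing or renamed column makes the verify step fail. The removed `table_account_social_link.sql` verify script had the same gap after `social_network_name`, so this looks carried over rather than intended.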
@@ -0,0 +1,102 @@ +-- Verify maevsi:table_account_social_network_policy on pg + +BEGIN; + +SAVEPOINT select_account; +DO $$ +BEGIN + SET LOCAL role TO maevsi_account; + PERFORM * FROM maevsi.account_social_network; +END $$; +ROLLBACK TO SAVEPOINT select_account; + +SAVEPOINT select_anonymous; +DO $$ +BEGIN + SET LOCAL role TO maevsi_anonymous; + PERFORM * FROM maevsi.account_social_network; +END $$; +ROLLBACK TO SAVEPOINT select_anonymous; + +SAVEPOINT insert_account; +DO $$ +BEGIN + INSERT INTO maevsi_private.account(id, email_address, password_hash) VALUES ('00000000-0000-0000-0000-000000000000', 'email@example.com', '$2a$06$xdJFoht/HQ/4798obSknNOc6hiBe60HXriyW/Oa3Ch7Oo3F.9WGLe'); + INSERT INTO maevsi.account(id, username) VALUES ('00000000-0000-0000-0000-000000000000', 'username'); + + SET LOCAL role TO maevsi_account; + INSERT INTO maevsi.account_social_network(account_id, social_network, social_network_username) + VALUES ('00000000-0000-0000-0000-000000000000', 'instagram', 'username'); +END $$; +ROLLBACK TO SAVEPOINT insert_account; + +SAVEPOINT insert_anonymous; +DO $$ +BEGIN + INSERT INTO maevsi_private.account(id, email_address, password_hash) VALUES ('00000000-0000-0000-0000-000000000000', 'email@example.com', '$2a$06$xdJFoht/HQ/4798obSknNOc6hiBe60HXriyW/Oa3Ch7Oo3F.9WGLe'); + INSERT INTO maevsi.account(id, username) VALUES ('00000000-0000-0000-0000-000000000000', 'username'); + + SET LOCAL role TO maevsi_anonymous; + INSERT INTO maevsi.account_social_network(account_id, social_network, social_network_username) + VALUES ('00000000-0000-0000-0000-000000000000', 'instagram', 'username'); + RAISE EXCEPTION 'Test insert_anonymous failed: Anonymous users should not be able to insert'; +EXCEPTION WHEN others THEN + NULL; +END $$; +ROLLBACK TO SAVEPOINT insert_anonymous; + +SAVEPOINT update_account; +DO $$ +BEGIN + INSERT INTO maevsi_private.account(id, email_address, password_hash) VALUES ('00000000-0000-0000-0000-000000000000', 'email@example.com', 
'$2a$06$xdJFoht/HQ/4798obSknNOc6hiBe60HXriyW/Oa3Ch7Oo3F.9WGLe'); + INSERT INTO maevsi.account(id, username) VALUES ('00000000-0000-0000-0000-000000000000', 'username'); + INSERT INTO maevsi.account_social_network(account_id, social_network, social_network_username) VALUES ('00000000-0000-0000-0000-000000000000', 'instagram', 'username'); + + SET LOCAL role TO maevsi_account; + UPDATE maevsi.account_social_network SET social_network_username = 'username-updated'; +END $$; +ROLLBACK TO SAVEPOINT update_account; + +SAVEPOINT insert_anonymous; +DO $$ +BEGIN + INSERT INTO maevsi_private.account(id, email_address, password_hash) VALUES ('00000000-0000-0000-0000-000000000000', 'email@example.com', '$2a$06$xdJFoht/HQ/4798obSknNOc6hiBe60HXriyW/Oa3Ch7Oo3F.9WGLe'); + INSERT INTO maevsi.account(id, username) VALUES ('00000000-0000-0000-0000-000000000000', 'username'); + INSERT INTO maevsi.account_social_network(account_id, social_network, social_network_username) VALUES ('00000000-0000-0000-0000-000000000000', 'instagram', 'username'); + + SET LOCAL role TO maevsi_anonymous; + UPDATE maevsi.account_social_network SET social_network_username = 'username-updated'; + RAISE EXCEPTION 'Test update_anonymous failed: Anonymous users should not be able to update'; +EXCEPTION WHEN others THEN + NULL; +END $$; +ROLLBACK TO SAVEPOINT insert_anonymous; + +SAVEPOINT delete_account; +DO $$ +BEGIN + INSERT INTO maevsi_private.account(id, email_address, password_hash) VALUES ('00000000-0000-0000-0000-000000000000', 'email@example.com', '$2a$06$xdJFoht/HQ/4798obSknNOc6hiBe60HXriyW/Oa3Ch7Oo3F.9WGLe'); + INSERT INTO maevsi.account(id, username) VALUES ('00000000-0000-0000-0000-000000000000', 'username'); + INSERT INTO maevsi.account_social_network(account_id, social_network, social_network_username) VALUES ('00000000-0000-0000-0000-000000000000', 'instagram', 'username'); + + SET LOCAL role TO maevsi_account; + DELETE FROM maevsi.account_social_network; +END $$; +ROLLBACK TO SAVEPOINT 
delete_account; + +SAVEPOINT delete_anonymous; +DO $$ +BEGIN + INSERT INTO maevsi_private.account(id, email_address, password_hash) VALUES ('00000000-0000-0000-0000-000000000000', 'email@example.com', '$2a$06$xdJFoht/HQ/4798obSknNOc6hiBe60HXriyW/Oa3Ch7Oo3F.9WGLe'); + INSERT INTO maevsi.account(id, username) VALUES ('00000000-0000-0000-0000-000000000000', 'username'); + INSERT INTO maevsi.account_social_network(account_id, social_network, social_network_username) VALUES ('00000000-0000-0000-0000-000000000000', 'instagram', 'username'); + + SET LOCAL role TO maevsi_anonymous; + DELETE FROM maevsi.account_social_network; + RAISE EXCEPTION 'Test delete_anonymous failed: Anonymous users should not be able to delete'; +EXCEPTION WHEN others THEN + NULL; +END $$; +ROLLBACK TO SAVEPOINT delete_anonymous; + +ROLLBACK; diff --git a/src/verify/table_social_network.sql b/src/verify/table_social_network.sql deleted file mode 100644 index 7eaefe1c..00000000 --- a/src/verify/table_social_network.sql +++ /dev/null @@ -1,8 +0,0 @@ --- Verify maevsi:table_social_network on pg - -BEGIN; - -SELECT "name" -FROM maevsi.social_network WHERE FALSE; - -ROLLBACK; From 5c3a3ae9c43184d89349f0cf4250e670578e50b0 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 6 Dec 2024 05:14:40 +0000 Subject: [PATCH 052/105] chore(release): 4.2.0 [skip ci] ## [4.2.0](https://github.com/maevsi/sqitch/compare/4.1.1...4.2.0) (2024-12-06) ### Features * **account:** add social links ([b23fa1d](https://github.com/maevsi/sqitch/commit/b23fa1d6608275eadef48c33202bf33ae9b92411)) * **social-network:** rework ([605cd77](https://github.com/maevsi/sqitch/commit/605cd773d156cfe4d24764d88b3ee294fce6bfbc)) --- CHANGELOG.md | 7 +++++++ package.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 81acd2d0..b18b3c44 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
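Review bot: The negative tests in `src/verify/table_account_social_network_policy.sql` (`insert_anonymous`, the anonymous update test, `delete_anonymous`) cannot fail, because the `RAISE EXCEPTION 'Test ... failed'` that signals an unexpected success sits in the same block as `EXCEPTION WHEN others THEN NULL;` and is swallowed together with the expected permission error. Catch only the expected condition, `EXCEPTION WHEN insufficient_privilege THEN NULL;`, so the test's own exception propagates and aborts the verify. The anonymous update test also reuses the savepoint name `insert_anonymous`; `update_anonymous` would match its message. None of the blocks exercises a second account, so the ownership condition of the policies is not tested at all.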
@@ -1,3 +1,10 @@ +## [4.2.0](https://github.com/maevsi/sqitch/compare/4.1.1...4.2.0) (2024-12-06) + +### Features + +* **account:** add social links ([b23fa1d](https://github.com/maevsi/sqitch/commit/b23fa1d6608275eadef48c33202bf33ae9b92411)) +* **social-network:** rework ([605cd77](https://github.com/maevsi/sqitch/commit/605cd773d156cfe4d24764d88b3ee294fce6bfbc)) + ## [4.1.1](https://github.com/maevsi/sqitch/compare/4.1.0...4.1.1) (2024-12-05) ### Bug Fixes diff --git a/package.json b/package.json index 75f6398a..e772f3d4 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.1.1", + "version": "4.2.0", "private": true, "engines": { "node": "22" From 93386233fd89a5c1fd7a2cfec4cce6c8a30be935 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Fri, 6 Dec 2024 07:02:10 +0100 Subject: [PATCH 053/105] feat(event): remove size function --- schema/schema.definition.sql | 43 ------------------------------ src/deploy/function_event_size.sql | 33 ----------------------- src/revert/function_event_size.sql | 7 ----- src/sqitch.plan | 1 - src/verify/function_event_size.sql | 11 -------- 5 files changed, 95 deletions(-) delete mode 100644 src/deploy/function_event_size.sql delete mode 100644 src/revert/function_event_size.sql delete mode 100644 src/verify/function_event_size.sql diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 48522126..2787b568 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
@@ -907,40 +907,6 @@ ALTER FUNCTION maevsi.event_is_existing(author_account_id uuid, slug text) OWNER COMMENT ON FUNCTION maevsi.event_is_existing(author_account_id uuid, slug text) IS 'Shows if an event exists.'; --- --- Name: event_size(uuid); Type: FUNCTION; Schema: maevsi; Owner: postgres --- - -CREATE FUNCTION maevsi.event_size(p_id uuid) RETURNS maevsi.event_size - LANGUAGE plpgsql STABLE STRICT SECURITY DEFINER - AS $$ -DECLARE - _size maevsi.event_size := NULL; -BEGIN - SELECT - CASE - WHEN invitee_count_maximum <= 9 THEN 'small'::maevsi.event_size - WHEN invitee_count_maximum <= 49 THEN 'medium'::maevsi.event_size - WHEN invitee_count_maximum <= 999 THEN 'large'::maevsi.event_size - ELSE 'huge'::maevsi.event_size - END INTO _size - FROM maevsi.event - WHERE id = p_id; - - RETURN _size; -END -$$; - - -ALTER FUNCTION maevsi.event_size(p_id uuid) OWNER TO postgres; - --- --- Name: FUNCTION event_size(p_id uuid); Type: COMMENT; Schema: maevsi; Owner: postgres --- - -COMMENT ON FUNCTION maevsi.event_size(p_id uuid) IS 'For a given event id the function returns the corresponding event size, or null if the event id does not exist.'; - - -- -- Name: event_unlock(uuid); Type: FUNCTION; Schema: maevsi; Owner: postgres -- @@ -4118,15 +4084,6 @@ GRANT ALL ON FUNCTION maevsi.event_is_existing(author_account_id uuid, slug text GRANT ALL ON FUNCTION maevsi.event_is_existing(author_account_id uuid, slug text) TO maevsi_anonymous; --- --- Name: FUNCTION event_size(p_id uuid); Type: ACL; Schema: maevsi; Owner: postgres --- - -REVOKE ALL ON FUNCTION maevsi.event_size(p_id uuid) FROM PUBLIC; -GRANT ALL ON FUNCTION maevsi.event_size(p_id uuid) TO maevsi_account; -GRANT ALL ON FUNCTION maevsi.event_size(p_id uuid) TO maevsi_anonymous; - - -- -- Name: FUNCTION event_unlock(invitation_id uuid); Type: ACL; Schema: maevsi; Owner: postgres -- diff --git a/src/deploy/function_event_size.sql b/src/deploy/function_event_size.sql deleted file mode 100644 index 9e542e72..00000000 
--- a/src/deploy/function_event_size.sql +++ /dev/null @@ -1,33 +0,0 @@ --- Deploy maevsi:function_event_size to pg --- requires: privilege_execute_revoke --- requires: schema_public --- requires: table_event --- requires: role_account --- requires: role_anonymous - -BEGIN; - -CREATE FUNCTION maevsi.event_size(p_id UUID) -RETURNS maevsi.event_size AS $$ -DECLARE - _size maevsi.event_size := NULL; -BEGIN - SELECT - CASE - WHEN invitee_count_maximum <= 9 THEN 'small'::maevsi.event_size - WHEN invitee_count_maximum <= 49 THEN 'medium'::maevsi.event_size - WHEN invitee_count_maximum <= 999 THEN 'large'::maevsi.event_size - ELSE 'huge'::maevsi.event_size - END INTO _size - FROM maevsi.event - WHERE id = p_id; - - RETURN _size; -END -$$ LANGUAGE PLPGSQL STRICT STABLE SECURITY DEFINER; - -COMMENT ON FUNCTION maevsi.event_size(UUID) IS 'For a given event id the function returns the corresponding event size, or null if the event id does not exist.'; - -GRANT EXECUTE ON FUNCTION maevsi.event_size(UUID) TO maevsi_account, maevsi_anonymous; - -COMMIT; diff --git a/src/revert/function_event_size.sql b/src/revert/function_event_size.sql deleted file mode 100644 index 632c0d4c..00000000 --- a/src/revert/function_event_size.sql +++ /dev/null @@ -1,7 +0,0 @@ --- Revert maevsi:function_event_size from pg - -BEGIN; - -DROP FUNCTION maevsi.event_size; - -COMMIT; diff --git a/src/sqitch.plan b/src/sqitch.plan index 17483e5f..ce0f63ed 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan 
@@ -70,6 +70,5 @@ table_report_policy [schema_public table_report role_account] 1970-01-01T00:00:0 table_legal_term [schema_public role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Legal terms like privacy policies or terms of service. table_legal_term_acceptance [schema_public table_account_public table_legal_term role_account] 1970-01-01T00:00:00Z Jonas Thelemann # Tracks each user account's acceptance of legal terms and conditions. enum_event_size [schema_public] 1970-01-01T00:00:00Z Sven Thelemann # Possible event sizes: small, medium, large, huge. -function_event_size [schema_public table_event enum_event_size role_account role_anonymous] 1970-01-01T00:00:00Z Sven Thelemann # For a given event id the function returns the corresponding event size. table_account_preference_event_size [schema_public table_account_public enum_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Table for the user accounts' preferred event sizes (M:N relationship). table_account_preference_event_size_policy [schema_public table_account_preference_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. diff --git a/src/verify/function_event_size.sql b/src/verify/function_event_size.sql deleted file mode 100644 index 82c643d7..00000000 --- a/src/verify/function_event_size.sql +++ /dev/null @@ -1,11 +0,0 @@ --- Verify maevsi:function_event_size on pg - -BEGIN; - -DO $$ -BEGIN - ASSERT (SELECT pg_catalog.has_function_privilege('maevsi_account', 'maevsi.event_size(UUID)', 'EXECUTE')); - ASSERT (SELECT pg_catalog.has_function_privilege('maevsi_anonymous', 'maevsi.event_size(UUID)', 'EXECUTE')); -END $$; - -ROLLBACK; From 9f9e5b39f720941a13a7743e23a49126b3db67b9 Mon Sep 17 00:00:00 2001 
From: Jonas Thelemann Date: Fri, 6 Dec 2024 07:02:54 +0100 Subject: [PATCH 054/105] chore(account): correct requirements for event size preference --- src/deploy/table_account_preference_event_size_policy.sql | 3 +++ src/sqitch.plan | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/deploy/table_account_preference_event_size_policy.sql b/src/deploy/table_account_preference_event_size_policy.sql index 2f06b1dd..f9cf54aa 100644 --- a/src/deploy/table_account_preference_event_size_policy.sql +++ b/src/deploy/table_account_preference_event_size_policy.sql @@ -1,4 +1,7 @@ -- Deploy maevsi:table_account_preference_event_size_policy to pg +-- requires: schema_public +-- requires: table_account_preference_event_size +-- requires: role_account BEGIN; diff --git a/src/sqitch.plan b/src/sqitch.plan index ce0f63ed..53f30c21 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan 
@@ -70,5 +70,5 @@ table_report_policy [schema_public table_report role_account] 1970-01-01T00:00:0 table_legal_term [schema_public role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Legal terms like privacy policies or terms of service. table_legal_term_acceptance [schema_public table_account_public table_legal_term role_account] 1970-01-01T00:00:00Z Jonas Thelemann # Tracks each user account's acceptance of legal terms and conditions. enum_event_size [schema_public] 1970-01-01T00:00:00Z Sven Thelemann # Possible event sizes: small, medium, large, huge. -table_account_preference_event_size [schema_public table_account_public enum_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Table for the user accounts' preferred event sizes (M:N relationship). +table_account_preference_event_size [schema_public table_account_public enum_event_size] 1970-01-01T00:00:00Z Sven Thelemann # Table for the user accounts' preferred event sizes (M:N relationship). table_account_preference_event_size_policy [schema_public table_account_preference_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. From 8b973f4e9d3dffa3cf4147afc24528977a052b9b Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 6 Dec 2024 06:13:27 +0000 Subject: [PATCH 055/105] chore(release): 4.3.0 [skip ci] ## [4.3.0](https://github.com/maevsi/sqitch/compare/4.2.0...4.3.0) (2024-12-06) ### Features * **account:** Add ability to store an account's preferred event sizes ([5f47988](https://github.com/maevsi/sqitch/commit/5f47988bc0ebedf2caa3a38399adc4f4de6c5b38)) * **event:** Add event sizes ([e3b389b](https://github.com/maevsi/sqitch/commit/e3b389bb302b16a208a1dddedc35f1b909175af6)) * **event:** remove size function ([9338623](https://github.com/maevsi/sqitch/commit/93386233fd89a5c1fd7a2cfec4cce6c8a30be935)) --- CHANGELOG.md | 8 ++++++++ package.json | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index b18b3c44..91e2a4fc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,11 @@ +## [4.3.0](https://github.com/maevsi/sqitch/compare/4.2.0...4.3.0) (2024-12-06) + +### Features + +* **account:** Add ability to store an account's preferred event sizes ([5f47988](https://github.com/maevsi/sqitch/commit/5f47988bc0ebedf2caa3a38399adc4f4de6c5b38)) +* **event:** Add event sizes ([e3b389b](https://github.com/maevsi/sqitch/commit/e3b389bb302b16a208a1dddedc35f1b909175af6)) +* **event:** remove size function ([9338623](https://github.com/maevsi/sqitch/commit/93386233fd89a5c1fd7a2cfec4cce6c8a30be935)) + ## [4.2.0](https://github.com/maevsi/sqitch/compare/4.1.1...4.2.0) (2024-12-06) ### Features diff --git a/package.json b/package.json index e772f3d4..4b314a3c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.2.0", + "version": "4.3.0", "private": true, "engines": { "node": "22" From 0b54d07d2e4639c6778c096d5356ce8ddbcd9758 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Fri, 6 Dec 2024 07:41:27 +0100 Subject: [PATCH 056/105] test(account): improve for registration notification --- src/verify/function_account_registration.sql | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/verify/function_account_registration.sql b/src/verify/function_account_registration.sql index 095c3752..53fe91e0 100644 --- a/src/verify/function_account_registration.sql +++ b/src/verify/function_account_registration.sql 
@@ -76,15 +76,13 @@ ROLLBACK TO SAVEPOINT username_length; SAVEPOINT notification; DO $$ -DECLARE - account_id UUID; BEGIN - account_id := maevsi.account_registration('username', 'email@example.com', 'password', 'en'); + PERFORM maevsi.account_registration('username-8b973f', 'email@example.com', 'password', 'en'); IF NOT EXISTS ( SELECT 1 FROM maevsi_private.notification WHERE channel = 'account_registration' - AND payload::jsonb -> 'account' ->> 'username' = 'username' + AND payload::jsonb -> 'account' ->> 'username' = 'username-8b973f' ) THEN RAISE EXCEPTION 'Test failed: Notification not generated'; END IF; From 5606344016974dd223ece949fb11d0d4b02400de Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Fri, 6 Dec 2024 10:22:16 +0100 Subject: [PATCH 057/105] fix(account): enable row level security for social networks --- schema/schema.definition.sql | 6 ++++++ src/deploy/table_account_social_network_policy.sql | 2 ++ src/verify/table_account_social_network_policy.sql | 1 + 3 files changed, 9 insertions(+) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index e580d798..15f89380 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -3725,6 +3725,12 @@ CREATE POLICY account_preference_event_size_select ON maevsi.account_preference_ CREATE POLICY account_select ON maevsi.account FOR SELECT USING (true); +-- +-- Name: account_social_network; Type: ROW SECURITY; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE maevsi.account_social_network ENABLE ROW LEVEL SECURITY; + -- -- Name: account_social_network account_social_network_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- diff --git a/src/deploy/table_account_social_network_policy.sql b/src/deploy/table_account_social_network_policy.sql index 2a10f320..2e4ef9d2 100644 --- a/src/deploy/table_account_social_network_policy.sql +++ b/src/deploy/table_account_social_network_policy.sql 
@@ -5,6 +5,8 @@ BEGIN; GRANT SELECT ON TABLE maevsi.account_social_network TO maevsi_anonymous; GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE maevsi.account_social_network TO maevsi_account; +ALTER TABLE maevsi.account_social_network ENABLE ROW LEVEL SECURITY; + -- Only allow inserting social links of the current account. CREATE POLICY account_social_network_insert ON maevsi.account_social_network FOR INSERT WITH CHECK ( account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID diff --git a/src/verify/table_account_social_network_policy.sql b/src/verify/table_account_social_network_policy.sql index dd9ada1a..76fe0032 100644 --- a/src/verify/table_account_social_network_policy.sql +++ b/src/verify/table_account_social_network_policy.sql @@ -25,6 +25,7 @@ BEGIN INSERT INTO maevsi.account(id, username) VALUES ('00000000-0000-0000-0000-000000000000', 'username'); SET LOCAL role TO maevsi_account; + SET LOCAL jwt.claims.account_id TO '00000000-0000-0000-0000-000000000000'; INSERT INTO maevsi.account_social_network(account_id, social_network, social_network_username) VALUES ('00000000-0000-0000-0000-000000000000', 'instagram', 'username'); END $$; From b25e0fe56f8e2da43811cdf29b6fa6eeb50873e3 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Fri, 6 Dec 2024 10:29:07 +0100 Subject: [PATCH 058/105] chore(docker): disable secrets warning --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index f680723b..f8685c23 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,6 @@ +# syntax=docker/dockerfile:1 +# check=skip=SecretsUsedInArgOrEnv + ############################## FROM sqitch/sqitch:v1.4.1.2 AS development From dd3e239f0ba7ddd9a002ae6190801ee4032f0b61 Mon Sep 17 00:00:00 2001 
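Review bot: Nothing in `src/verify/table_account_social_network_policy.sql` asserts that row level security is actually enabled on `maevsi.account_social_network`; the added `SET LOCAL jwt.claims.account_id` only makes the existing INSERT satisfy the insert policy. Policies on a table without `ENABLE ROW LEVEL SECURITY` are not enforced, which is the gap this commit closes in the deploy script, so a direct check would keep it from regressing: `ASSERT (SELECT relrowsecurity FROM pg_catalog.pg_class WHERE oid = 'maevsi.account_social_network'::regclass);`. The same applies to `maevsi.event_category_mapping`, whose verify hunk in PATCH 060 checks table privileges only. The `DO` block edited here begins outside the hunk.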
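Review bot: The `# check=skip=SecretsUsedInArgOrEnv` directive silences the build check for the whole Dockerfile without recording why that is safe. The `ARG`/`ENV` instructions that trigger the check are outside this hunk; if they hold only paths to mounted secret files rather than secret values, a comment saying so lets a reader confirm the skip is a false-positive suppression, e.g. `# SecretsUsedInArgOrEnv skipped: the flagged variables hold secret file paths, not secret values.` If any of them carries an actual credential, it ends up in the image metadata and a `RUN --mount=type=secret` build secret is the safer route.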
From: semantic-release-bot Date: Fri, 6 Dec 2024 09:32:52 +0000 Subject: [PATCH 059/105] chore(release): 4.3.1 [skip ci] ## [4.3.1](https://github.com/maevsi/sqitch/compare/4.3.0...4.3.1) (2024-12-06) ### Bug Fixes * **account:** enable row level security for social networks ([5606344](https://github.com/maevsi/sqitch/commit/5606344016974dd223ece949fb11d0d4b02400de)) --- CHANGELOG.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 91e2a4fc..35b1658d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## [4.3.1](https://github.com/maevsi/sqitch/compare/4.3.0...4.3.1) (2024-12-06) + +### Bug Fixes + +* **account:** enable row level security for social networks ([5606344](https://github.com/maevsi/sqitch/commit/5606344016974dd223ece949fb11d0d4b02400de)) + ## [4.3.0](https://github.com/maevsi/sqitch/compare/4.2.0...4.3.0) (2024-12-06) ### Features diff --git a/package.json b/package.json index 4b314a3c..593fa90a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.3.0", + "version": "4.3.1", "private": true, "engines": { "node": "22" From db933eae66966a7cf0db446235ff0dc38999260a Mon Sep 17 00:00:00 2001 
From: Jonas Thelemann Date: Fri, 6 Dec 2024 09:31:07 +0100 Subject: [PATCH 060/105] chore(recommendation): work in feedback --- schema/schema.definition.sql | 21 ++++++++++++--- src/deploy/table_account_interest.sql | 2 +- src/deploy/table_account_interest_policy.sql | 3 +++ src/deploy/table_event_category.sql | 19 +------------ src/deploy/table_event_category_mapping.sql | 2 +- .../table_event_category_mapping_policy.sql | 27 ++++++++++++------- src/deploy/table_event_category_policy.sql | 13 +++++++++ src/deploy/table_event_recommendation.sql | 2 +- .../table_event_recommendation_policy.sql | 5 ++-- src/revert/table_event_category_policy.sql | 5 ++++ .../table_event_recommendation_policy.sql | 2 +- src/sqitch.plan | 15 ++++++----- src/verify/table_account_interest_policy.sql | 8 ++++++ .../table_event_category_mapping_policy.sql | 8 ++++++ src/verify/table_event_category_policy.sql | 21 +++++++++++++++ .../table_event_recommendation_policy.sql | 8 ++++++ 16 files changed, 118 insertions(+), 43 deletions(-) create mode 100644 src/deploy/table_event_category_policy.sql create mode 100644 src/revert/table_event_category_policy.sql create mode 100644 src/verify/table_event_category_policy.sql diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 010e8ec9..d2b3767f 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -1924,7 +1924,7 @@ ALTER TABLE maevsi.event_category_mapping OWNER TO postgres; -- Name: TABLE event_category_mapping; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON TABLE maevsi.event_category_mapping IS 'Mepping events to categories (M:N relationship).'; +COMMENT ON TABLE maevsi.event_category_mapping IS 'Mapping events to categories (M:N relationship).'; -- 
@@ -4046,6 +4046,12 @@ CREATE POLICY contact_update ON maevsi.contact FOR UPDATE USING ((((NULLIF(curre ALTER TABLE maevsi.event ENABLE ROW LEVEL SECURITY; +-- +-- Name: event_category_mapping; Type: ROW SECURITY; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE maevsi.event_category_mapping ENABLE ROW LEVEL SECURITY; + -- -- Name: event_category_mapping event_category_mapping_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- @@ -4068,9 +4074,9 @@ CREATE POLICY event_category_mapping_insert ON maevsi.event_category_mapping FOR -- Name: event_category_mapping event_category_mapping_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR SELECT USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND ((( SELECT event.author_account_id +CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR SELECT USING (((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (( SELECT event.author_account_id FROM maevsi.event - WHERE (event.id = event_category_mapping.event_id)) = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid) OR (event_id IN ( SELECT maevsi_private.events_invited() AS events_invited))))); + WHERE (event.id = event_category_mapping.event_id)) = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)) OR (event_id IN ( SELECT maevsi_private.events_invited() AS events_invited)))); -- 
@@ -4857,10 +4863,19 @@ GRANT SELECT,INSERT,DELETE,UPDATE ON TABLE maevsi.contact TO maevsi_account; GRANT SELECT ON TABLE maevsi.contact TO maevsi_anonymous; +-- +-- Name: TABLE event_category; Type: ACL; Schema: maevsi; Owner: postgres +-- + +GRANT SELECT ON TABLE maevsi.event_category TO maevsi_anonymous; +GRANT SELECT ON TABLE maevsi.event_category TO maevsi_account; + + -- -- Name: TABLE event_category_mapping; Type: ACL; Schema: maevsi; Owner: postgres -- +GRANT SELECT ON TABLE maevsi.event_category_mapping TO maevsi_anonymous; GRANT SELECT,INSERT,DELETE ON TABLE maevsi.event_category_mapping TO maevsi_account; diff --git a/src/deploy/table_account_interest.sql b/src/deploy/table_account_interest.sql index d4402bae..1abcfc96 100644 --- a/src/deploy/table_account_interest.sql +++ b/src/deploy/table_account_interest.sql @@ -1,6 +1,6 @@ -- Deploy maevsi:table_account_interest to pg -- requires: schema_public --- requires: table_event +-- requires: table_account_public -- requires: table_event_category BEGIN; diff --git a/src/deploy/table_account_interest_policy.sql b/src/deploy/table_account_interest_policy.sql index f7e9f0ad..a57370bc 100644 --- a/src/deploy/table_account_interest_policy.sql +++ b/src/deploy/table_account_interest_policy.sql @@ -1,4 +1,7 @@ -- Deploy maevsi:table_account_interest_policy to pg +-- requires: schema_public +-- requires: table_account_interest +-- requires: role_account BEGIN; diff --git a/src/deploy/table_event_category.sql b/src/deploy/table_event_category.sql index 85770c04..11eef9df 100644 --- a/src/deploy/table_event_category.sql +++ b/src/deploy/table_event_category.sql @@ -1,4 +1,5 @@ -- Deploy maevsi:table_event_category to pg +-- requires: schema_public BEGIN; 
@@ -9,22 +10,4 @@ CREATE TABLE maevsi.event_category( COMMENT ON TABLE maevsi.event_category IS 'Event categories.'; COMMENT ON COLUMN maevsi.event_category.category IS 'A category name.'; -INSERT INTO maevsi.event_category(category) -VALUES ('bar'), - ('charities'), - ('culture'), - ('fashion'), - ('festival'), - ('film'), - ('food_and_drinks'), - ('kids_and_family'), - ('lectures_and_books'), - ('music'), - ('networking'), - ('nightlife'), - ('performing_arts'), - ('seminars'), - ('sports_and_active_life'), - ('visual_arts'); - END; diff --git a/src/deploy/table_event_category_mapping.sql b/src/deploy/table_event_category_mapping.sql index c23b2ee4..e2fa717d 100644 --- a/src/deploy/table_event_category_mapping.sql +++ b/src/deploy/table_event_category_mapping.sql @@ -11,7 +11,7 @@ CREATE TABLE maevsi.event_category_mapping ( PRIMARY KEY (event_id, category) ); -COMMENT ON TABLE maevsi.event_category_mapping IS 'Mepping events to categories (M:N relationship).'; +COMMENT ON TABLE maevsi.event_category_mapping IS 'Mapping events to categories (M:N relationship).'; COMMENT ON COLUMN maevsi.event_category_mapping.event_id IS 'An event id.'; COMMENT ON COLUMN maevsi.event_category_mapping.category IS 'A category name.'; diff --git a/src/deploy/table_event_category_mapping_policy.sql b/src/deploy/table_event_category_mapping_policy.sql index 276c3d9e..46346358 100644 --- a/src/deploy/table_event_category_mapping_policy.sql +++ b/src/deploy/table_event_category_mapping_policy.sql 
@@ -1,18 +1,31 @@ -- Deploy maevsi:table_event_category_mapping_policy to pg +-- requires: schema_public +-- requires: table_event_category_mapping +-- requires: role_anonymous +-- requires: role_account +-- requires: table_event BEGIN; +GRANT SELECT ON TABLE maevsi.event_category_mapping TO maevsi_anonymous; GRANT SELECT, INSERT, DELETE ON TABLE maevsi.event_category_mapping TO maevsi_account; +ALTER TABLE maevsi.event_category_mapping ENABLE ROW LEVEL SECURITY; + -- Only allow selects for events authored by user, events that are public or that the user is invited to. -- Exclude events created by a blocked user and invitated events where the invation comes form a blocked user. CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR SELECT USING ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL - AND ( - (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID --- TODO: condition using table maevsi.account_block to be added later + ( + NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + AND ( + (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + ) + ) + OR + event_id IN (SELECT maevsi_private.events_invited()) + -- TODO: condition using table maevsi.account_block to be added later /* - OR + AND (SELECT visibility FROM maevsi.event WHERE id = event_id) = 'public' AND event_id NOT IN ( SELECT e.event_id @@ -20,10 +33,6 @@ CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR WHERE b.account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID ) */ - OR - -- exclusion of invitations from a blocked account implemented in function events_invited - event_id IN (SELECT maevsi_private.events_invited()) - ) ); -- Only allow inserts for events authored by user. 
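Review bot: The comment above `event_category_mapping_select` still promises access to public events and exclusion of blocked users, but the rewritten `USING` clause returns rows only to the event's author or to callers for whom `maevsi_private.events_invited()` lists the event; the public/blocked logic sits in the commented-out block. Together with the new `GRANT SELECT ... TO maevsi_anonymous`, the invited branch is now reachable without `jwt.claims.account_id`, which looks intended but should be stated, e.g. `-- Only allow selects for events authored by the current account or events the caller is invited to (no account required for invitees).` The commented block now opens with `AND`, so uncommenting it as written would attach it to the `event_id IN (...)` branch (AND binds tighter than OR) and narrow invited events to public, non-blocked ones; it should return as its own parenthesised `OR (...)` branch. Commented-out SQL inside a security policy is easy to misread, so the TODO is better kept as a one-line comment pointing at the tracking issue.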
diff --git a/src/deploy/table_event_category_policy.sql b/src/deploy/table_event_category_policy.sql new file mode 100644 index 00000000..a2ae6e91 --- /dev/null +++ b/src/deploy/table_event_category_policy.sql @@ -0,0 +1,13 @@ +-- Deploy maevsi:table_event_category_policy to pg +-- requires: schema_public +-- requires: table_event_category +-- requires: role_anonymous +-- requires: role_account + +BEGIN; + +GRANT SELECT ON TABLE maevsi.event_category TO maevsi_anonymous, maevsi_account; + +-- no row level security necessary for this table as it does not contain user data + +COMMIT; diff --git a/src/deploy/table_event_recommendation.sql b/src/deploy/table_event_recommendation.sql index 559c0fd3..371fdf6e 100644 --- a/src/deploy/table_event_recommendation.sql +++ b/src/deploy/table_event_recommendation.sql @@ -1,6 +1,6 @@ -- Deploy maevsi:table_event_recommendation to pg -- requires: schema_public --- requires: table_account +-- requires: table_account_public -- requires: table_event BEGIN; diff --git a/src/deploy/table_event_recommendation_policy.sql b/src/deploy/table_event_recommendation_policy.sql index a5e51b4e..f58cfd7c 100644 --- a/src/deploy/table_event_recommendation_policy.sql +++ b/src/deploy/table_event_recommendation_policy.sql @@ -1,4 +1,7 @@ -- Deploy maevsi:table_event_recommendation_policy to pg +-- requires: schema_public +-- requires: table_event_recommendation +-- requires: role_anonymous BEGIN; @@ -13,6 +16,4 @@ CREATE POLICY event_recommendation_select ON maevsi.event_recommendation FOR SEL account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID ); --- TODO: policies for background process updating the recommendations - COMMIT; diff --git a/src/revert/table_event_category_policy.sql b/src/revert/table_event_category_policy.sql new file mode 100644 index 00000000..c3d3b283 --- /dev/null +++ b/src/revert/table_event_category_policy.sql @@ -0,0 +1,5 @@ +-- Revert maevsi:table_event_category_policy from pg + +BEGIN; + +COMMIT; 
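Review bot: The added header line `-- requires: role_anonymous` in `src/deploy/table_event_recommendation_policy.sql` disagrees with the `sqitch.plan` entry in this commit, which lists `role_account` for the change, and the verify script asserts that `maevsi_anonymous` has no privileges on `maevsi.event_recommendation`. The header should read `-- requires: role_account` so the file documents the role the policy actually depends on.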
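Review bot: The new revert script `src/revert/table_event_category_policy.sql` is an empty transaction, so reverting the change leaves the `SELECT` grants on `maevsi.event_category` in place for `maevsi_anonymous` and `maevsi_account`. It should undo what the deploy script does: `REVOKE SELECT ON TABLE maevsi.event_category FROM maevsi_anonymous, maevsi_account;`. The revert for `table_event_recommendation_policy.sql` in this commit likewise only drops the policy; if its deploy script also grants privileges or enables row level security (that file is only partly visible here), those statements need a counterpart in the revert too.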
diff --git a/src/revert/table_event_recommendation_policy.sql b/src/revert/table_event_recommendation_policy.sql index b9dd3de4..4484c3e7 100644 --- a/src/revert/table_event_recommendation_policy.sql +++ b/src/revert/table_event_recommendation_policy.sql @@ -2,6 +2,6 @@ BEGIN; --- XXX Add DDLs here. +DROP POLICY event_recommendation_select ON maevsi.event_recommendation; COMMIT; diff --git a/src/sqitch.plan b/src/sqitch.plan index 9a058876..b6561c62 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan 
@@ -75,10 +75,11 @@ table_account_social_network_policy [schema_public table_account_social_network enum_event_size [schema_public] 1970-01-01T00:00:00Z Sven Thelemann # Possible event sizes: small, medium, large, huge. table_account_preference_event_size [schema_public table_account_public enum_event_size] 1970-01-01T00:00:00Z Sven Thelemann # Table for the user accounts' preferred event sizes (M:N relationship). table_account_preference_event_size_policy [schema_public table_account_preference_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. -table_event_category [schema_public] 2024-01-19T14:03:33Z sven # Event categories. -table_account_interest [schema_public] 2024-01-19T14:06:54Z marlon # Event categories a user account is interested in (M:N relationship). -table_event_category_mapping [schema_public table_event table_event_category] 2024-01-19T14:10:16Z marlon # Mepping events to categories (M:N relationship). -table_event_recommendation [schema_public table_account_private table_event] 2024-01-19T14:12:12Z marlon # Events recommended to a user account (M:N relationship). -table_account_interest_policy [schema_public table_account_interest] 2024-01-25T20:55:28Z marlon # Row level security policies for table account_interest_policy. -table_event_recommendation_policy [schema_public table_event_recommendation] 2024-01-25T21:28:46Z marlon # Row level security policies for table event_recommendation. -table_event_category_mapping_policy [schema_public table_event_category_mapping] 2024-01-25T21:40:30Z marlon # Row level security policies for table event_recommendation_mapping. +table_event_category [schema_public] 1970-01-01T00:00:00Z sven # Event categories. +table_event_category_policy [schema_public table_event_category role_anonymous role_account] 1970-01-01T00:00:00Z marlon # Row level security policies for table event_category. 
+table_account_interest [schema_public table_account_public table_event_category] 1970-01-01T00:00:00Z marlon # Event categories a user account is interested in (M:N relationship). +table_account_interest_policy [schema_public table_account_interest role_account] 1970-01-01T00:00:00Z marlon # Row level security policies for table account_interest. +table_event_category_mapping [schema_public table_event table_event_category] 1970-01-01T00:00:00Z marlon # Mapping events to categories (M:N relationship). +table_event_category_mapping_policy [schema_public table_event_category_mapping role_anonymous role_account table_event]1970-01-01T00:00:00Z marlon # Row level security policies for table table_event_category_mapping. +table_event_recommendation [schema_public table_account_public table_event] 1970-01-01T00:00:00Z marlon # Events recommended to a user account (M:N relationship). +table_event_recommendation_policy [schema_public table_event_recommendation role_account] 1970-01-01T00:00:00Z marlon # Row level security policies for table event_recommendation. diff --git a/src/verify/table_account_interest_policy.sql b/src/verify/table_account_interest_policy.sql index f2544d6a..3f1ad19e 100644 --- a/src/verify/table_account_interest_policy.sql +++ b/src/verify/table_account_interest_policy.sql 
@@ -8,6 +8,14 @@ BEGIN ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_interest', 'INSERT')); ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_interest', 'DELETE')); ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_interest', 'UPDATE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_interest', 'SELECT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_interest', 'INSERT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_interest', 'UPDATE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_interest', 'DELETE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_interest', 'SELECT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_interest', 'INSERT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_interest', 'UPDATE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_interest', 'DELETE')); END $$; ROLLBACK; diff --git a/src/verify/table_event_category_mapping_policy.sql b/src/verify/table_event_category_mapping_policy.sql index 764a1c78..b10b6fc8 100644 --- a/src/verify/table_event_category_mapping_policy.sql +++ b/src/verify/table_event_category_mapping_policy.sql 
@@ -8,6 +8,14 @@ BEGIN ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category_mapping', 'INSERT')); ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category_mapping', 'DELETE')); ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category_mapping', 'UPDATE')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_category_mapping', 'SELECT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_category_mapping', 'INSERT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_category_mapping', 'UPDATE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_category_mapping', 'DELETE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_category_mapping', 'SELECT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_category_mapping', 'INSERT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_category_mapping', 'UPDATE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_category_mapping', 'DELETE')); END $$; ROLLBACK; diff --git a/src/verify/table_event_category_policy.sql b/src/verify/table_event_category_policy.sql new file mode 100644 index 00000000..4046d0af --- /dev/null +++ b/src/verify/table_event_category_policy.sql 
@@ -0,0 +1,21 @@
+-- Verify maevsi:table_event_category_policy on pg
+
+BEGIN;
+
+DO $$
+BEGIN
+ ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category', 'SELECT'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category', 'INSERT'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category', 'DELETE'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_category', 'UPDATE'));
+ ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_category', 'SELECT'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_category', 'INSERT'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_category', 'UPDATE'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_category', 'DELETE'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_category', 'SELECT'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_category', 'INSERT'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_category', 'UPDATE'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_category', 'DELETE'));
+END $$;
+
+ROLLBACK;
diff --git a/src/verify/table_event_recommendation_policy.sql b/src/verify/table_event_recommendation_policy.sql
index e3c5cadc..c1619ae9 100644
--- a/src/verify/table_event_recommendation_policy.sql
+++ b/src/verify/table_event_recommendation_policy.sql
@@ -8,6 +8,14 @@ BEGIN ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_recommendation', 'INSERT')); ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_recommendation', 'DELETE')); ASSERT NOT(SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_recommendation', 'UPDATE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_recommendation', 'SELECT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_recommendation', 'INSERT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_recommendation', 'UPDATE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_recommendation', 'DELETE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_recommendation', 'SELECT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_recommendation', 'INSERT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_recommendation', 'UPDATE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_recommendation', 'DELETE')); END $$; ROLLBACK; From 93381e75c686f7d5c323a7f925d98f28b2ce45fc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 6 Dec 2024 17:51:07 +0000 Subject: [PATCH 061/105] chore(deps): update pnpm to v9.15.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 593fa90a..61128411 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "engines": { "node": "22" }, - "packageManager": "pnpm@9.14.4", + "packageManager": "pnpm@9.15.0", "scripts": { "prepare": "husky" }, From 524a30abdf317f6a499d8aaaecb385418a9a7264 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 00:08:01 +0000 Subject: [PATCH 062/105] chore(deps): update sqitch/sqitch docker tag to v1.4.1.3 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index f8685c23..4ab39a12 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ # check=skip=SecretsUsedInArgOrEnv ############################## -FROM sqitch/sqitch:v1.4.1.2 AS development +FROM sqitch/sqitch:v1.4.1.3 AS development WORKDIR /srv/app @@ -53,7 +53,7 @@ RUN diff schema.definition.sql schema.sql ############################## -FROM sqitch/sqitch:v1.4.1.2 AS production +FROM sqitch/sqitch:v1.4.1.3 AS production ENV ENV=production From 119b0dd3c7337db9688a78778eb8a9484e6d3785 Mon Sep 17 00:00:00 2001 From: Sven Thelemann Date: Wed, 11 Dec 2024 22:58:10 +0100 Subject: [PATCH 063/105] feat(invitation): provide flattened invitations A view is created that provides invitation data together with corresponding even and contact data. --- schema/schema.definition.sql | 46 +++++++++++++++++++++++++++++ src/deploy/view_invitation_flat.sql | 21 +++++++++++++ src/revert/view_invitation_flat.sql | 7 +++++ src/sqitch.plan | 1 + src/verify/view_invitation_flat.sql | 14 +++++++++ 5 files changed, 89 insertions(+) create mode 100644 src/deploy/view_invitation_flat.sql create mode 100644 src/revert/view_invitation_flat.sql create mode 100644 src/verify/view_invitation_flat.sql diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index b5240e0c..77b62320 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
@@ -1904,6 +1904,52 @@ COMMENT ON COLUMN maevsi.invitation.feedback IS 'The invitation''s general feedb COMMENT ON COLUMN maevsi.invitation.feedback_paper IS 'The invitation''s paper feedback status.'; +-- +-- Name: invitation_flat; Type: VIEW; Schema: maevsi; Owner: postgres +-- + +CREATE VIEW maevsi.invitation_flat AS + SELECT i.id, + i.contact_id, + i.event_id, + i.feedback, + i.feedback_paper, + c.account_id AS contact_account_id, + c.address, + c.author_account_id AS contact_author_account_id, + c.email_address, + c.email_address_hash, + c.first_name, + c.last_name, + c.phone_number, + c.url AS contact_url, + e.author_account_id AS event_author_account_id, + e.description, + e.start, + e."end", + e.invitee_count_maximum, + e.is_archived, + e.is_in_person, + e.is_remote, + e.location, + e.name, + e.slug, + e.url AS event_url, + e.visibility + FROM ((maevsi.invitation i + JOIN maevsi.contact c ON ((i.contact_id = c.id))) + JOIN maevsi.event e ON ((i.event_id = e.id))); + + +ALTER VIEW maevsi.invitation_flat OWNER TO postgres; + +-- +-- Name: VIEW invitation_flat; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON VIEW maevsi.invitation_flat IS 'View returning flattened invitations.'; + + -- -- Name: legal_term; Type: TABLE; Schema: maevsi; Owner: postgres -- diff --git a/src/deploy/view_invitation_flat.sql b/src/deploy/view_invitation_flat.sql new file mode 100644 index 00000000..c16f15e1 --- /dev/null +++ b/src/deploy/view_invitation_flat.sql 
@@ -0,0 +1,21 @@
+-- Deploy maevsi:view_invitation_flat to pg
+-- requires: schema_public
+-- requires: table_invitation
+-- requires: table_contact
+
+BEGIN;
+CREATE VIEW maevsi.invitation_flat AS
+SELECT i.*,
+ c.account_id as contact_account_id, c.address, c.author_account_id as contact_author_account_id, c.email_address, c.email_address_hash,
+ c.first_name, c.last_name, c.phone_number, c.url as contact_url,
+ e.author_account_id as event_author_account_id, e.description, e.start, e.end,
+ e.invitee_count_maximum, e.is_archived, e.is_in_person, e.is_remote,
+ e.location, e.name, e.slug, e.url as event_url, e.visibility
+FROM maevsi.invitation i
+ JOIN maevsi.contact c ON i.contact_id = c.id
+ JOIN maevsi.event e ON i.event_id = e.id
+;
+
+COMMENT ON VIEW maevsi.invitation_flat IS 'View returning flattened invitations.';
+
+END;
diff --git a/src/revert/view_invitation_flat.sql b/src/revert/view_invitation_flat.sql
new file mode 100644
index 00000000..6c24164e
--- /dev/null
+++ b/src/revert/view_invitation_flat.sql
@@ -0,0 +1,7 @@
+-- Revert maevsi:view_invitation_flat from pg
+
+BEGIN;
+
+DROP VIEW maevsi.invitation_flat;
+
+COMMIT;
diff --git a/src/sqitch.plan b/src/sqitch.plan
index 4a6e4504..0d8270eb 100644
--- a/src/sqitch.plan
+++ b/src/sqitch.plan
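Review bot: `maevsi.invitation_flat` in `src/deploy/view_invitation_flat.sql` is created as an ordinary view owned by the deploying role (`postgres` in the schema dump), so queries through it read `invitation`, `contact` and `event` with the owner's rights and the row level security policies on those tables are not applied to the caller. No `GRANT` on the view is visible in this script, but the plan entry lists `role_account`, which suggests one is planned; once granted, every invitee's e-mail address, phone number and address would be readable through the view. On PostgreSQL 15 or later, `CREATE VIEW maevsi.invitation_flat WITH (security_invoker = true) AS` makes the view honour the caller's policies; on older versions the row restriction has to be written into the view definition itself. Listing the `invitation` columns explicitly instead of `i.*` and adding `-- requires: table_event` (the view joins `maevsi.event`) would also make the script match what it depends on.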
@@ -69,3 +69,4 @@ table_report [schema_public table_account_public table_event table_upload] 1970- table_report_policy [schema_public table_report role_account] 1970-01-01T00:00:00Z Marlon # Access policies for reports. table_legal_term [schema_public role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Legal terms like privacy policies or terms of service. table_legal_term_acceptance [schema_public table_account_public table_legal_term role_account] 1970-01-01T00:00:00Z Jonas Thelemann # Tracks each user account's acceptance of legal terms and conditions. +view_invitation_flat [schema_public table_invitation table_contact role_account] 1970-01-01T00:00:00Z Sven Thelemann # View returning flattened invitations diff --git a/src/verify/view_invitation_flat.sql b/src/verify/view_invitation_flat.sql new file mode 100644 index 00000000..c922b659 --- /dev/null +++ b/src/verify/view_invitation_flat.sql @@ -0,0 +1,14 @@ +-- Verify maevsi:view_invitation_flat on pg + +BEGIN; + +SELECT + id, contact_id, event_id, feedback, feedback_paper, + contact_account_id, address, contact_author_account_id, email_address, email_address_hash, + first_name, last_name, phone_number, contact_url, + event_author_account_id, description, "start", "end", + invitee_count_maximum, is_archived, is_in_person, is_remote, + location, name, slug, event_url, visibility +FROM maevsi.invitation_flat WHERE FALSE; + +ROLLBACK; From 2e294319a7b651deb1b472953ebb3ee770c5a5c6 Mon Sep 17 00:00:00 2001 From: Sven Thelemann Date: Thu, 12 Dec 2024 00:26:11 +0100 Subject: [PATCH 064/105] feat(invitation): column names prefixed In the flattened invitation view, columns coming from tables contact and event now have names prefixed with contact_ and event_ resp. --- schema/schema.definition.sql | 34 ++++++++++++++--------------- src/deploy/view_invitation_flat.sql | 15 ++++++++----- src/verify/view_invitation_flat.sql | 12 +++++----- 3 files changed, 34 insertions(+), 27 deletions(-) 
diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 0f136c02..f1da8341 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -2031,27 +2031,27 @@ CREATE VIEW maevsi.invitation_flat AS i.feedback, i.feedback_paper, c.account_id AS contact_account_id, - c.address, + c.address AS contact_address, c.author_account_id AS contact_author_account_id, - c.email_address, - c.email_address_hash, - c.first_name, - c.last_name, - c.phone_number, + c.email_address AS contact_email_address, + c.email_address_hash AS contact_email_address_hash, + c.first_name AS contact_first_name, + c.last_name AS contact_last_name, + c.phone_number AS contact_phone_number, c.url AS contact_url, e.author_account_id AS event_author_account_id, - e.description, - e.start, - e."end", - e.invitee_count_maximum, - e.is_archived, - e.is_in_person, - e.is_remote, - e.location, - e.name, - e.slug, + e.description AS event_description, + e.start AS event_start, + e."end" AS event_end, + e.invitee_count_maximum AS event_invitee_count_maximum, + e.is_archived AS event_is_archived, + e.is_in_person AS event_is_in_person, + e.is_remote AS event_is_remote, + e.location AS event_location, + e.name AS event_name, + e.slug AS event_slug, e.url AS event_url, - e.visibility + e.visibility AS event_visibility FROM ((maevsi.invitation i JOIN maevsi.contact c ON ((i.contact_id = c.id))) JOIN maevsi.event e ON ((i.event_id = e.id))); diff --git a/src/deploy/view_invitation_flat.sql b/src/deploy/view_invitation_flat.sql index c16f15e1..b0b88cfa 100644 --- a/src/deploy/view_invitation_flat.sql +++ b/src/deploy/view_invitation_flat.sql 
@@ -6,11 +6,16 @@ BEGIN; CREATE VIEW maevsi.invitation_flat AS SELECT i.*, - c.account_id as contact_account_id, c.address, c.author_account_id as contact_author_account_id, c.email_address, c.email_address_hash, - c.first_name, c.last_name, c.phone_number, c.url as contact_url, - e.author_account_id as event_author_account_id, e.description, e.start, e.end, - e.invitee_count_maximum, e.is_archived, e.is_in_person, e.is_remote, - e.location, e.name, e.slug, e.url as event_url, e.visibility + c.account_id as contact_account_id, c.address as contact_address, + c.author_account_id as contact_author_account_id, + c.email_address as contact_email_address, c.email_address_hash as contact_email_address_hash, + c.first_name as contact_first_name , c.last_name as contact_last_name, + c.phone_number as contact_phone_number, c.url as contact_url, + e.author_account_id as event_author_account_id, e.description as event_description, + e.start as event_start, e.end event_end, e.invitee_count_maximum as event_invitee_count_maximum, + e.is_archived as event_is_archived, e.is_in_person as event_is_in_person, e.is_remote as event_is_remote, + e.location as event_location, e.name as event_name, e.slug as event_slug, e.url as event_url, + e.visibility as event_visibility FROM maevsi.invitation i JOIN maevsi.contact c ON i.contact_id = c.id JOIN maevsi.event e ON i.event_id = e.id diff --git a/src/verify/view_invitation_flat.sql b/src/verify/view_invitation_flat.sql index c922b659..905c17c6 100644 --- a/src/verify/view_invitation_flat.sql +++ b/src/verify/view_invitation_flat.sql 
@@ -4,11 +4,13 @@ BEGIN; SELECT id, contact_id, event_id, feedback, feedback_paper, - contact_account_id, address, contact_author_account_id, email_address, email_address_hash, - first_name, last_name, phone_number, contact_url, - event_author_account_id, description, "start", "end", - invitee_count_maximum, is_archived, is_in_person, is_remote, - location, name, slug, event_url, visibility + contact_account_id, contact_address, contact_author_account_id, + contact_email_address, contact_email_address_hash, + contact_first_name, contact_last_name, contact_phone_number, contact_url, + event_author_account_id, event_description, + event_start, event_end, event_invitee_count_maximum, + event_is_archived, event_is_in_person, event_is_remote, + event_location, event_name, event_slug, event_url, event_visibility FROM maevsi.invitation_flat WHERE FALSE; ROLLBACK; From f4822f8252089929dea47f3585737d49b19b7c30 Mon Sep 17 00:00:00 2001 
From: Sven Thelemann Date: Thu, 12 Dec 2024 01:40:24 +0100 Subject: [PATCH 065/105] feat(event): assign images to events A new table event_upload is introduced to store the connection between uploaded images and events. If more than one image is assigned to an event the sorting of these images will be based on the image file name. To enable this, file_name is now an additional column in the table upload. This table has another new column, file_type, with the default value 'image' as currently only image files can be uploaded. --- schema/schema.definition.sql | 132 +++++++++++++++++++++++ src/deploy/table_event_upload.sql | 17 +++ src/deploy/table_event_upload_policy.sql | 39 +++++++ src/deploy/table_upload.sql | 6 +- src/revert/table_event_upload.sql | 7 ++ src/revert/table_event_upload_policy.sql | 9 ++ src/sqitch.plan | 2 + src/verify/table_event_upload.sql | 9 ++ src/verify/table_event_upload_policy.sql | 21 ++++ src/verify/table_upload.sql | 4 +- 10 files changed, 244 insertions(+), 2 deletions(-) create mode 100644 src/deploy/table_event_upload.sql create mode 100644 src/deploy/table_event_upload_policy.sql create mode 100644 src/revert/table_event_upload.sql create mode 100644 src/revert/table_event_upload_policy.sql create mode 100644 src/verify/table_event_upload.sql create mode 100644 src/verify/table_event_upload_policy.sql diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 15f89380..4c5f29ef 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -1408,6 +1408,8 @@ CREATE TABLE maevsi.upload ( account_id uuid NOT NULL, size_byte bigint NOT NULL, storage_key text, + file_name text, + file_type text DEFAULT 'image'::text NOT NULL, CONSTRAINT upload_size_byte_check CHECK ((size_byte > 0)) ); 
@@ -1450,6 +1452,20 @@ COMMENT ON COLUMN maevsi.upload.size_byte IS 'The upload''s size in bytes.'; COMMENT ON COLUMN maevsi.upload.storage_key IS 'The upload''s storage key.'; +-- +-- Name: COLUMN upload.file_name; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.upload.file_name IS 'The name of the uploaded file.'; + + +-- +-- Name: COLUMN upload.file_type; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.upload.file_type IS 'The type of the uploaded file, default is ''image''.'; + + -- -- Name: upload_create(bigint); Type: FUNCTION; Schema: maevsi; Owner: postgres -- 
@@ -1962,6 +1978,47 @@ COMMENT ON COLUMN maevsi.event_grouping.event_group_id IS 'The event grouping''s COMMENT ON COLUMN maevsi.event_grouping.event_id IS 'The event grouping''s internal event id.'; +-- +-- Name: event_upload; Type: TABLE; Schema: maevsi; Owner: postgres +-- + +CREATE TABLE maevsi.event_upload ( + id uuid DEFAULT gen_random_uuid() NOT NULL, + event_id uuid NOT NULL, + upload_id uuid NOT NULL +); + + +ALTER TABLE maevsi.event_upload OWNER TO postgres; + +-- +-- Name: TABLE event_upload; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON TABLE maevsi.event_upload IS 'An assignment of an uploaded content (e.g. an image) to an event.'; + + +-- +-- Name: COLUMN event_upload.id; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event_upload.id IS '@omit insert,update\nThe event''s internal id for which the invitation is valid.'; + + +-- +-- Name: COLUMN event_upload.event_id; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event_upload.event_id IS '@omit update,delete\nThe event''s internal id for which the invitation is valid.'; + + +-- +-- Name: COLUMN event_upload.upload_id; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event_upload.upload_id IS '@omit update,delete\nThe internal id of the uploaded content.'; + + -- -- Name: invitation; Type: TABLE; Schema: maevsi; Owner: postgres -- 
@@ -3120,6 +3177,22 @@ ALTER TABLE ONLY maevsi.event ADD CONSTRAINT event_pkey PRIMARY KEY (id); +-- +-- Name: event_upload event_upload_event_id_upload_id_key; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_upload + ADD CONSTRAINT event_upload_event_id_upload_id_key UNIQUE (event_id, upload_id); + + +-- +-- Name: event_upload event_upload_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_upload + ADD CONSTRAINT event_upload_pkey PRIMARY KEY (id); + + -- -- Name: invitation invitation_event_id_contact_id_key; Type: CONSTRAINT; Schema: maevsi; Owner: postgres -- @@ -3549,6 +3622,22 @@ ALTER TABLE ONLY maevsi.event_grouping ADD CONSTRAINT event_grouping_event_id_fkey FOREIGN KEY (event_id) REFERENCES maevsi.event(id); +-- +-- Name: event_upload event_upload_event_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_upload + ADD CONSTRAINT event_upload_event_id_fkey FOREIGN KEY (event_id) REFERENCES maevsi.event(id); + + +-- +-- Name: event_upload event_upload_upload_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_upload + ADD CONSTRAINT event_upload_upload_id_fkey FOREIGN KEY (upload_id) REFERENCES maevsi.upload(id); + + -- -- Name: invitation invitation_contact_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres -- 
@@ -3838,6 +3927,41 @@ CREATE POLICY event_select ON maevsi.event FOR SELECT USING ((((visibility = 'pu CREATE POLICY event_update ON maevsi.event FOR UPDATE USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); +-- +-- Name: event_upload; Type: ROW SECURITY; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE maevsi.event_upload ENABLE ROW LEVEL SECURITY; + +-- +-- Name: event_upload event_upload_delete; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY event_upload_delete ON maevsi.event_upload FOR DELETE USING ((event_id IN ( SELECT event.id + FROM maevsi.event + WHERE (event.author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)))); + + +-- +-- Name: event_upload event_upload_insert; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY event_upload_insert ON maevsi.event_upload FOR INSERT WITH CHECK (((event_id IN ( SELECT event.id + FROM maevsi.event + WHERE (event.author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))) AND (upload_id IN ( SELECT upload.id + FROM maevsi.upload + WHERE (upload.account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))))); + + +-- +-- Name: event_upload event_upload_select; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY event_upload_select ON maevsi.event_upload FOR SELECT USING ((event_id IN ( SELECT event.id + FROM maevsi.event + WHERE (event.author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)))); + + -- -- Name: invitation; Type: ROW SECURITY; Schema: maevsi; Owner: postgres -- 
@@ -4585,6 +4709,14 @@ GRANT SELECT,INSERT,DELETE,UPDATE ON TABLE maevsi.event_grouping TO maevsi_accou GRANT SELECT ON TABLE maevsi.event_grouping TO maevsi_anonymous; +-- +-- Name: TABLE event_upload; Type: ACL; Schema: maevsi; Owner: postgres +-- + +GRANT SELECT,INSERT,DELETE ON TABLE maevsi.event_upload TO maevsi_account; +GRANT SELECT ON TABLE maevsi.event_upload TO maevsi_anonymous; + + -- -- Name: TABLE invitation; Type: ACL; Schema: maevsi; Owner: postgres -- diff --git a/src/deploy/table_event_upload.sql b/src/deploy/table_event_upload.sql new file mode 100644 index 00000000..9f13ac68 --- /dev/null +++ b/src/deploy/table_event_upload.sql @@ -0,0 +1,17 @@ +-- Deploy maevsi:table_event_upload to pg + +BEGIN; + +CREATE TABLE maevsi.event_upload ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + event_id UUID NOT NULL REFERENCES maevsi.event(id), + upload_id UUID NOT NULL REFERENCES maevsi.upload(id), + UNIQUE (event_id, upload_id) +); + +COMMENT ON TABLE maevsi.event_upload IS 'An assignment of an uploaded content (e.g. an image) to an event.'; +COMMENT ON COLUMN maevsi.event_upload.id IS '@omit insert,update\nThe event''s internal id for which the invitation is valid.'; +COMMENT ON COLUMN maevsi.event_upload.event_id IS '@omit update,delete\nThe event''s internal id for which the invitation is valid.'; +COMMENT ON COLUMN maevsi.event_upload.upload_id IS '@omit update,delete\nThe internal id of the uploaded content.'; + +END; diff --git a/src/deploy/table_event_upload_policy.sql b/src/deploy/table_event_upload_policy.sql new file mode 100644 index 00000000..f0005c23 --- /dev/null +++ b/src/deploy/table_event_upload_policy.sql 
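Review bot: The three `COMMENT ON COLUMN` strings for `maevsi.event_upload` are plain literals, so `\n` is stored as a backslash followed by `n` rather than a newline (the regenerated schema/schema.definition.sql shows it that way), and the `@omit` tag is never separated from the description. The existing comment in src/deploy/table_upload.sql uses an escape string and the action name `create` (`E'@omit create,update\n…'`), and the descriptions of `id` and `event_id` appear to be copied from the invitation table. I would write, for example, `COMMENT ON COLUMN maevsi.event_upload.id IS E'@omit create,update\nThe event upload''s internal id.';` and correct the other two the same way. Until then the API layer may offer these columns in mutations they were meant to be hidden from, although the table grants on this page still withhold UPDATE at the database level. Smaller points: the script ends with `END;` where the other deploy scripts shown use `COMMIT;`, and neither foreign key states an `ON DELETE` action.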
@@ -0,0 +1,39 @@ +-- Deploy maevsi:table_event_upload_policy to pg + +BEGIN; + +GRANT SELECT ON TABLE maevsi.event_upload TO maevsi_account, maevsi_anonymous; +GRANT INSERT, DELETE ON TABLE maevsi.event_upload TO maevsi_account; + +ALTER TABLE maevsi.event_upload ENABLE ROW LEVEL SECURITY; + +-- Only select rows with events authored by the current user. +CREATE POLICY event_upload_select ON maevsi.event_upload FOR SELECT USING ( + event_id IN ( + SELECT id FROM maevsi.event + WHERE author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + ) +); + +-- Only allow inserts for events authored by the current user und uploads of the current_user0. +CREATE POLICY event_upload_insert ON maevsi.event_upload FOR INSERT WITH CHECK ( + event_id IN ( + SELECT id FROM maevsi.event + WHERE author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + ) + AND + upload_id IN ( + SELECT id FROM maevsi.upload + WHERE account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + ) +); + +-- Only allow deletes if events is authored by the current user und uploads of the current_user. +CREATE POLICY event_upload_delete ON maevsi.event_upload FOR DELETE USING ( + event_id IN ( + SELECT id FROM maevsi.event + WHERE author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + ) +); + +COMMIT; diff --git a/src/deploy/table_upload.sql b/src/deploy/table_upload.sql index 7949dbc6..2f83ff55 100644 --- a/src/deploy/table_upload.sql +++ b/src/deploy/table_upload.sql @@ -8,7 +8,9 @@ CREATE TABLE maevsi.upload ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), account_id UUID NOT NULL REFERENCES maevsi.account(id), size_byte BIGINT NOT NULL CHECK (size_byte > 0), - storage_key TEXT UNIQUE + storage_key TEXT UNIQUE, + file_name TEXT, + file_type TEXT NOT NULL DEFAULT 'image' ); COMMENT ON TABLE maevsi.upload IS 'An upload.'; 
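Review bot: `GRANT SELECT … TO maevsi_account, maevsi_anonymous` and the `event_upload_select` policy disagree. The policy only admits rows whose event is authored by the account in `jwt.claims.account_id`, and without that claim the `NULLIF(…)::UUID` comparison yields NULL, so the anonymous role can never read a row through this table. Either drop the anonymous grant (`GRANT SELECT, INSERT, DELETE ON TABLE maevsi.event_upload TO maevsi_account;`, with the matching assertion in the verify script) or extend the policy deliberately to the events a reader is allowed to see; as written, invitees and visitors of public events get no images from it. The policy comments also need correcting: "und" and `current_user0` are typos, and the delete comment promises an upload-ownership check that `event_upload_delete` does not contain, so `-- Only allow deletes for events authored by the current user.` would match the code.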
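Review bot: `file_type TEXT NOT NULL DEFAULT 'image'` accepts any string, although the commit message says only image files can be uploaded at present. If clients can write this column, a constraint such as `file_type TEXT NOT NULL DEFAULT 'image' CHECK (file_type IN ('image'))` keeps the value from later being trusted as a content type it was never validated against. `file_name` is likewise unconstrained text that will drive the image ordering, so it should be treated as untrusted wherever it is rendered or used to build a path. This hunk also edits the existing `table_upload` deploy script instead of adding a new change; if that change has already been deployed somewhere, Sqitch will not re-run it and those databases will lack both columns.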
@@ -16,5 +18,7 @@ COMMENT ON COLUMN maevsi.upload.id IS E'@omit create,update\nThe upload''s inter COMMENT ON COLUMN maevsi.upload.account_id IS 'The uploader''s account id.'; COMMENT ON COLUMN maevsi.upload.size_byte IS 'The upload''s size in bytes.'; COMMENT ON COLUMN maevsi.upload.storage_key IS 'The upload''s storage key.'; +COMMENT ON COLUMN maevsi.upload.file_name IS 'The name of the uploaded file.'; +COMMENT ON COLUMN maevsi.upload.file_type IS 'The type of the uploaded file, default is ''image''.'; COMMIT; diff --git a/src/revert/table_event_upload.sql b/src/revert/table_event_upload.sql new file mode 100644 index 00000000..4fea62e3 --- /dev/null +++ b/src/revert/table_event_upload.sql @@ -0,0 +1,7 @@ +-- Revert maevsi:table_event_upload from pg + +BEGIN; + +DROP TABLE maevsi.event_upload; + +COMMIT; diff --git a/src/revert/table_event_upload_policy.sql b/src/revert/table_event_upload_policy.sql new file mode 100644 index 00000000..fd5fdc09 --- /dev/null +++ b/src/revert/table_event_upload_policy.sql @@ -0,0 +1,9 @@ +-- Revert maevsi:table_event_upload_policy to pg + +BEGIN; + +DROP POLICY event_upload_select ON maevsi.event_upload; +DROP POLICY event_upload_insert ON maevsi.event_upload; +DROP POLICY event_upload_delete ON maevsi.event_upload; + +COMMIT; diff --git a/src/sqitch.plan b/src/sqitch.plan index 2e8f9715..05c19fab 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan 
@@ -75,3 +75,5 @@ table_account_social_network_policy [schema_public table_account_social_network enum_event_size [schema_public] 1970-01-01T00:00:00Z Sven Thelemann # Possible event sizes: small, medium, large, huge. table_account_preference_event_size [schema_public table_account_public enum_event_size] 1970-01-01T00:00:00Z Sven Thelemann # Table for the user accounts' preferred event sizes (M:N relationship). table_account_preference_event_size_policy [schema_public table_account_preference_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. +table_event_upload [schema_public table_event table_upload] 1970-01-01T00:00:00Z JSven Thelemann # Add table event_upload. +table_event_upload_policy [schema_public table_event_upload table_event table_upload role_account role_anonymous] 1970-01-01T00:00:00Z JSven Thelemann # Grants and policies for table event_upload. diff --git a/src/verify/table_event_upload.sql b/src/verify/table_event_upload.sql new file mode 100644 index 00000000..660bba4c --- /dev/null +++ b/src/verify/table_event_upload.sql @@ -0,0 +1,9 @@ +-- Verify maevsi:table_event_upload on pg + +BEGIN; + +SELECT id, + event_id, + upload_id +FROM maevsi.event_upload WHERE FALSE; + diff --git a/src/verify/table_event_upload_policy.sql b/src/verify/table_event_upload_policy.sql new file mode 100644 index 00000000..9615eff9 --- /dev/null +++ b/src/verify/table_event_upload_policy.sql 
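Review bot: Both new plan entries name the planner as `JSven Thelemann`, while the three entries above them read `Sven Thelemann`; this looks like a typo. It is worth correcting before the plan is deployed anywhere, since the planner name is part of what Sqitch records for each change.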
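Review bot: This verify script opens a transaction with `BEGIN;` and never closes it: the nine added lines end after `FROM maevsi.event_upload WHERE FALSE;`. The other verify scripts shown in this series finish with `ROLLBACK;`, so add `ROLLBACK;` as the last statement here too.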
@@ -0,0 +1,21 @@ +-- Verify maevsi:table_event_upload_policy to pg + +BEGIN; + +DO $$ +BEGIN + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_upload', 'SELECT')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_upload', 'INSERT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_upload', 'UPDATE')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_upload', 'DELETE')); + ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_upload', 'SELECT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_upload', 'INSERT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_upload', 'UPDATE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_upload', 'DELETE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_upload', 'SELECT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_upload', 'INSERT')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_upload', 'UPDATE')); + ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_upload', 'DELETE')); +END $$; + +ROLLBACK; diff --git a/src/verify/table_upload.sql b/src/verify/table_upload.sql index 03dbfc40..b0501695 100644 --- a/src/verify/table_upload.sql +++ b/src/verify/table_upload.sql @@ -5,7 +5,9 @@ BEGIN; SELECT id, account_id, size_byte, - storage_key + storage_key, + file_name, + file_type FROM maevsi.upload WHERE FALSE; ROLLBACK; From 41638160ab88295da44c642672d6a7f498e39f69 Mon Sep 17 00:00:00 2001 
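Review bot: The assertions cover table privileges only, so this script still passes when `ALTER TABLE … ENABLE ROW LEVEL SECURITY` was never applied, which is the state in which every granted role can read, insert and delete all rows of `maevsi.event_upload`. I would add `ASSERT (SELECT relrowsecurity FROM pg_catalog.pg_class WHERE oid = 'maevsi.event_upload'::regclass);` inside the DO block. A further check that `pg_catalog.pg_policies` lists `event_upload_select`, `event_upload_insert` and `event_upload_delete` for this table would catch a missing policy. The header comment should read `-- Verify maevsi:table_event_upload_policy on pg`.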
From: Jonas Thelemann Date: Thu, 12 Dec 2024 03:57:46 +0100 Subject: [PATCH 066/105] chore(sqitch): remove comments --- src/deploy/database_grafana.sql | 2 -- src/deploy/enum_achievement_type.sql | 3 --- src/deploy/enum_event_size.sql | 3 --- src/deploy/enum_event_visibility.sql | 3 --- src/deploy/enum_invitation_feedback.sql | 3 --- src/deploy/enum_invitation_feedback_paper.sql | 2 -- src/deploy/enum_social_network.sql | 3 --- src/deploy/extension_pgcrypto.sql | 3 --- src/deploy/function_account_delete.sql | 8 -------- .../function_account_email_address_verification.sql | 8 -------- src/deploy/function_account_password_change.sql | 8 -------- src/deploy/function_account_password_reset.sql | 9 --------- .../function_account_password_reset_request.sql | 9 --------- src/deploy/function_account_registration.sql | 12 ------------ .../function_account_registration_refresh.sql | 8 -------- src/deploy/function_account_upload_quota_bytes.sql | 7 ------- src/deploy/function_achievement_unlock.sql | 9 --------- src/deploy/function_authenticate.sql | 9 --------- src/deploy/function_event_delete.sql | 8 -------- src/deploy/function_event_invitee_count_maximum.sql | 10 ---------- src/deploy/function_event_is_existing.sql | 7 ------- src/deploy/function_event_unlock.sql | 10 ---------- src/deploy/function_events_invited.sql | 9 --------- src/deploy/function_events_organized.sql | 7 ------- src/deploy/function_invitation_claim_array.sql | 6 ------ src/deploy/function_invitation_contact_ids.sql | 9 --------- src/deploy/function_invite.sql | 13 ------------- src/deploy/function_invitee_count.sql | 7 ------- src/deploy/function_jwt_refresh.sql | 6 ------ src/deploy/function_notification_acknowledge.sql | 7 ------- src/deploy/function_profile_picture_set.sql | 6 ------ src/deploy/function_upload_create.sql | 8 -------- src/deploy/index_event_author_username.sql | 3 --- src/deploy/index_event_group_author_username.sql | 3 --- src/deploy/index_event_grouping_event_group_id.sql | 3 --- 
src/deploy/index_event_grouping_event_id.sql | 3 --- src/deploy/index_invitation_contact_id.sql | 3 --- src/deploy/index_invitation_event_id.sql | 3 --- src/deploy/privilege_execute_revoke.sql | 2 -- src/deploy/role_account.sql | 3 --- src/deploy/role_anonymous.sql | 3 --- src/deploy/role_grafana.sql | 3 --- src/deploy/role_postgraphile.sql | 2 -- src/deploy/role_tusd.sql | 3 --- src/deploy/schema_private.sql | 2 -- src/deploy/schema_public.sql | 5 ----- src/deploy/table_account_preference_event_size.sql | 5 ----- .../table_account_preference_event_size_policy.sql | 5 ----- src/deploy/table_account_private.sql | 4 ---- src/deploy/table_account_public.sql | 5 ----- src/deploy/table_account_social_network.sql | 5 ----- src/deploy/table_account_social_network_policy.sql | 2 -- src/deploy/table_achievement.sql | 7 ------- src/deploy/table_achievement_code.sql | 6 ------ src/deploy/table_contact.sql | 6 ------ src/deploy/table_contact_policy.sql | 7 ------- src/deploy/table_event.sql | 7 ------- src/deploy/table_event_group.sql | 6 ------ src/deploy/table_event_grouping.sql | 7 ------- src/deploy/table_event_policy.sql | 8 -------- src/deploy/table_invitation.sql | 7 ------- src/deploy/table_invitation_policy.sql | 9 --------- src/deploy/table_jwt.sql | 3 --- src/deploy/table_legal_term.sql | 5 ----- src/deploy/table_legal_term_acceptance.sql | 6 ------ src/deploy/table_notification.sql | 3 --- src/deploy/table_profile_picture.sql | 8 -------- src/deploy/table_report.sql | 6 ------ src/deploy/table_report_policy.sql | 5 ----- src/deploy/table_upload.sql | 4 ---- src/deploy/table_upload_policy.sql | 7 ------- src/deploy/type_event_unlock_response.sql | 4 ---- src/deploy/type_jwt.sql | 3 --- src/revert/database_grafana.sql | 2 -- src/revert/enum_achievement_type.sql | 2 -- src/revert/enum_event_size.sql | 2 -- src/revert/enum_event_visibility.sql | 2 -- src/revert/enum_invitation_feedback.sql | 2 -- src/revert/enum_invitation_feedback_paper.sql | 2 -- 
src/revert/enum_social_network.sql | 2 -- src/revert/extension_pgcrypto.sql | 2 -- src/revert/function_account_delete.sql | 2 -- .../function_account_email_address_verification.sql | 2 -- src/revert/function_account_password_change.sql | 2 -- src/revert/function_account_password_reset.sql | 2 -- .../function_account_password_reset_request.sql | 2 -- src/revert/function_account_registration.sql | 2 -- .../function_account_registration_refresh.sql | 2 -- src/revert/function_account_upload_quota_bytes.sql | 2 -- src/revert/function_achievement_unlock.sql | 2 -- src/revert/function_authenticate.sql | 2 -- src/revert/function_event_delete.sql | 2 -- src/revert/function_event_invitee_count_maximum.sql | 2 -- src/revert/function_event_is_existing.sql | 2 -- src/revert/function_event_unlock.sql | 2 -- src/revert/function_events_invited.sql | 2 -- src/revert/function_events_organized.sql | 2 -- src/revert/function_invitation_claim_array.sql | 2 -- src/revert/function_invitation_contact_ids.sql | 2 -- src/revert/function_invite.sql | 2 -- src/revert/function_invitee_count.sql | 2 -- src/revert/function_jwt_refresh.sql | 2 -- src/revert/function_notification_acknowledge.sql | 2 -- src/revert/function_profile_picture_set.sql | 2 -- src/revert/function_upload_create.sql | 2 -- src/revert/index_event_author_username.sql | 2 -- src/revert/index_event_group_author_username.sql | 2 -- src/revert/index_event_grouping_event_group_id.sql | 2 -- src/revert/index_event_grouping_event_id.sql | 2 -- src/revert/index_invitation_contact_id.sql | 2 -- src/revert/index_invitation_event_id.sql | 2 -- src/revert/privilege_execute_revoke.sql | 2 -- src/revert/role_account.sql | 2 -- src/revert/role_anonymous.sql | 2 -- src/revert/role_grafana.sql | 2 -- src/revert/role_postgraphile.sql | 2 -- src/revert/role_tusd.sql | 2 -- src/revert/schema_private.sql | 2 -- src/revert/schema_public.sql | 2 -- src/revert/table_account_preference_event_size.sql | 2 -- 
.../table_account_preference_event_size_policy.sql | 2 -- src/revert/table_account_private.sql | 2 -- src/revert/table_account_public.sql | 2 -- src/revert/table_account_social_network.sql | 2 -- src/revert/table_account_social_network_policy.sql | 2 -- src/revert/table_achievement.sql | 2 -- src/revert/table_achievement_code.sql | 2 -- src/revert/table_contact.sql | 2 -- src/revert/table_contact_policy.sql | 2 -- src/revert/table_event.sql | 2 -- src/revert/table_event_group.sql | 2 -- src/revert/table_event_grouping.sql | 2 -- src/revert/table_event_policy.sql | 2 -- src/revert/table_invitation.sql | 2 -- src/revert/table_invitation_policy.sql | 2 -- src/revert/table_jwt.sql | 2 -- src/revert/table_legal_term.sql | 2 -- src/revert/table_legal_term_acceptance.sql | 2 -- src/revert/table_notification.sql | 2 -- src/revert/table_profile_picture.sql | 2 -- src/revert/table_report.sql | 2 -- src/revert/table_report_policy.sql | 2 -- src/revert/table_upload.sql | 2 -- src/revert/table_upload_policy.sql | 2 -- src/revert/type_event_unlock_response.sql | 2 -- src/revert/type_jwt.sql | 2 -- src/verify/database_grafana.sql | 2 -- src/verify/enum_achievement_type.sql | 2 -- src/verify/enum_event_size.sql | 2 -- src/verify/enum_event_visibility.sql | 2 -- src/verify/enum_invitation_feedback.sql | 2 -- src/verify/enum_invitation_feedback_paper.sql | 2 -- src/verify/enum_social_network.sql | 2 -- src/verify/extension_pgcrypto.sql | 2 -- src/verify/function_account_delete.sql | 2 -- .../function_account_email_address_verification.sql | 2 -- src/verify/function_account_password_change.sql | 2 -- src/verify/function_account_password_reset.sql | 2 -- .../function_account_password_reset_request.sql | 2 -- src/verify/function_account_registration.sql | 2 -- .../function_account_registration_refresh.sql | 2 -- src/verify/function_account_upload_quota_bytes.sql | 2 -- src/verify/function_achievement_unlock.sql | 2 -- src/verify/function_authenticate.sql | 2 -- 
src/verify/function_event_delete.sql | 2 -- src/verify/function_event_invitee_count_maximum.sql | 2 -- src/verify/function_event_is_existing.sql | 2 -- src/verify/function_event_unlock.sql | 2 -- src/verify/function_events_invited.sql | 2 -- src/verify/function_events_organized.sql | 2 -- src/verify/function_invitation_claim_array.sql | 2 -- src/verify/function_invitation_contact_ids.sql | 2 -- src/verify/function_invite.sql | 2 -- src/verify/function_invitee_count.sql | 2 -- src/verify/function_jwt_refresh.sql | 2 -- src/verify/function_notification_acknowledge.sql | 2 -- src/verify/function_profile_picture_set.sql | 2 -- src/verify/function_upload_create.sql | 2 -- src/verify/index_event_author_username.sql | 2 -- src/verify/index_event_group_author_username.sql | 2 -- src/verify/index_event_grouping_event_group_id.sql | 2 -- src/verify/index_event_grouping_event_id.sql | 2 -- src/verify/index_invitation_contact_id.sql | 2 -- src/verify/index_invitation_event_id.sql | 2 -- src/verify/privilege_execute_revoke.sql | 2 -- src/verify/role_account.sql | 2 -- src/verify/role_anonymous.sql | 2 -- src/verify/role_grafana.sql | 2 -- src/verify/role_postgraphile.sql | 2 -- src/verify/role_tusd.sql | 2 -- src/verify/schema_private.sql | 2 -- src/verify/schema_public.sql | 2 -- src/verify/table_account_preference_event_size.sql | 2 -- .../table_account_preference_event_size_policy.sql | 2 -- src/verify/table_account_private.sql | 2 -- src/verify/table_account_public.sql | 2 -- src/verify/table_account_social_network.sql | 2 -- src/verify/table_account_social_network_policy.sql | 2 -- src/verify/table_achievement.sql | 2 -- src/verify/table_achievement_code.sql | 2 -- src/verify/table_contact.sql | 2 -- src/verify/table_contact_policy.sql | 2 -- src/verify/table_event.sql | 2 -- src/verify/table_event_group.sql | 2 -- src/verify/table_event_grouping.sql | 2 -- src/verify/table_event_policy.sql | 2 -- src/verify/table_invitation.sql | 2 -- 
src/verify/table_invitation_policy.sql | 2 -- src/verify/table_jwt.sql | 2 -- src/verify/table_legal_term.sql | 2 -- src/verify/table_legal_term_acceptance.sql | 2 -- src/verify/table_notification.sql | 2 -- src/verify/table_profile_picture.sql | 2 -- src/verify/table_report.sql | 2 -- src/verify/table_report_policy.sql | 2 -- src/verify/table_upload.sql | 2 -- src/verify/table_upload_policy.sql | 2 -- src/verify/type_event_unlock_response.sql | 2 -- src/verify/type_jwt.sql | 2 -- 219 files changed, 705 deletions(-) diff --git a/src/deploy/database_grafana.sql b/src/deploy/database_grafana.sql index 2f10f7ab..73955152 100644 --- a/src/deploy/database_grafana.sql +++ b/src/deploy/database_grafana.sql @@ -1,5 +1,3 @@ --- Deploy maevsi:database_grafana to pg - CREATE DATABASE grafana; COMMENT ON DATABASE grafana IS 'The observation dashboard''s database.'; diff --git a/src/deploy/enum_achievement_type.sql b/src/deploy/enum_achievement_type.sql index 87b98cd2..2b9fc8d4 100644 --- a/src/deploy/enum_achievement_type.sql +++ b/src/deploy/enum_achievement_type.sql @@ -1,6 +1,3 @@ --- Deploy maevsi:enum_achievement_type to pg --- requires: schema_public - BEGIN; CREATE TYPE maevsi.achievement_type AS ENUM ( diff --git a/src/deploy/enum_event_size.sql b/src/deploy/enum_event_size.sql index 1bb77aac..b3af027c 100644 --- a/src/deploy/enum_event_size.sql +++ b/src/deploy/enum_event_size.sql @@ -1,6 +1,3 @@ --- Deploy maevsi:enum_event_size to pg --- requires: schema_public - BEGIN; CREATE TYPE maevsi.event_size AS ENUM ( diff --git a/src/deploy/enum_event_visibility.sql b/src/deploy/enum_event_visibility.sql index 13688d52..46fdf623 100644 --- a/src/deploy/enum_event_visibility.sql +++ b/src/deploy/enum_event_visibility.sql @@ -1,6 +1,3 @@ --- Deploy maevsi:enum_event_visibility to pg --- requires: schema_public - BEGIN; CREATE TYPE maevsi.event_visibility AS ENUM ( 
diff --git a/src/deploy/enum_invitation_feedback.sql b/src/deploy/enum_invitation_feedback.sql index 5263db59..dfdf76d7 100644 --- a/src/deploy/enum_invitation_feedback.sql +++ b/src/deploy/enum_invitation_feedback.sql @@ -1,6 +1,3 @@ --- Deploy maevsi:enum_invitation_feedback to pg --- requires: schema_public - BEGIN; CREATE TYPE maevsi.invitation_feedback AS ENUM ( diff --git a/src/deploy/enum_invitation_feedback_paper.sql b/src/deploy/enum_invitation_feedback_paper.sql index c87f0ce9..64ec9c85 100644 --- a/src/deploy/enum_invitation_feedback_paper.sql +++ b/src/deploy/enum_invitation_feedback_paper.sql @@ -1,5 +1,3 @@ --- Deploy maevsi:enum_paper_invitation_feedback to pg - BEGIN; CREATE TYPE maevsi.invitation_feedback_paper AS ENUM ( diff --git a/src/deploy/enum_social_network.sql b/src/deploy/enum_social_network.sql index b71aa60f..5ea9d01e 100644 --- a/src/deploy/enum_social_network.sql +++ b/src/deploy/enum_social_network.sql @@ -1,6 +1,3 @@ --- Deploy maevsi:enum_social_network to pg --- requires: schema_public - BEGIN; CREATE TYPE maevsi.social_network AS ENUM ( diff --git a/src/deploy/extension_pgcrypto.sql b/src/deploy/extension_pgcrypto.sql index 39614f21..a2797be3 100644 --- a/src/deploy/extension_pgcrypto.sql +++ b/src/deploy/extension_pgcrypto.sql @@ -1,6 +1,3 @@ --- Deploy maevsi:extension_pgcrypto to pg --- requires: schema_public - BEGIN; CREATE EXTENSION pgcrypto WITH SCHEMA maevsi; diff --git a/src/deploy/function_account_delete.sql b/src/deploy/function_account_delete.sql index f89f4d1f..b1ce1ba7 100644 --- a/src/deploy/function_account_delete.sql +++ b/src/deploy/function_account_delete.sql @@ -1,11 +1,3 @@ --- Deploy maevsi:function_account_delete to pg --- requires: privilege_execute_revoke --- requires: schema_public --- requires: role_account --- requires: table_account_private --- requires: table_event --- requires: extension_pgcrypto - BEGIN; CREATE FUNCTION maevsi.account_delete( 
diff --git a/src/deploy/function_account_email_address_verification.sql b/src/deploy/function_account_email_address_verification.sql index addb9a39..febace8f 100644 --- a/src/deploy/function_account_email_address_verification.sql +++ b/src/deploy/function_account_email_address_verification.sql @@ -1,11 +1,3 @@ --- Deploy maevsi:function_account_email_address_verification to pg --- requires: privilege_execute_revoke --- requires: schema_private --- requires: schema_public --- requires: role_account --- requires: role_anonymous --- requires: table_account_private - BEGIN; CREATE FUNCTION maevsi.account_email_address_verification( diff --git a/src/deploy/function_account_password_change.sql b/src/deploy/function_account_password_change.sql index 0c7e0a4b..69a75e52 100644 --- a/src/deploy/function_account_password_change.sql +++ b/src/deploy/function_account_password_change.sql @@ -1,11 +1,3 @@ --- Deploy maevsi:function_account_password_change to pg --- requires: privilege_execute_revoke --- requires: schema_public --- requires: schema_private --- requires: role_account --- requires: table_account_private --- requires: extension_pgcrypto - BEGIN; CREATE FUNCTION maevsi.account_password_change( diff --git a/src/deploy/function_account_password_reset.sql b/src/deploy/function_account_password_reset.sql index be6277cb..e77afce2 100644 --- a/src/deploy/function_account_password_reset.sql +++ b/src/deploy/function_account_password_reset.sql @@ -1,12 +1,3 @@ --- Deploy maevsi:function_account_password_reset to pg --- requires: privilege_execute_revoke --- requires: schema_public --- requires: schema_private --- requires: table_account_private --- requires: extension_pgcrypto --- requires: role_anonymous --- requires: role_account - BEGIN; CREATE FUNCTION maevsi.account_password_reset( diff --git a/src/deploy/function_account_password_reset_request.sql b/src/deploy/function_account_password_reset_request.sql index 51de79ff..ce2a62b0 100644 
--- a/src/deploy/function_account_password_reset_request.sql +++ b/src/deploy/function_account_password_reset_request.sql @@ -1,12 +1,3 @@ --- Deploy maevsi:function_account_password_reset_request to pg --- requires: privilege_execute_revoke --- requires: schema_public --- requires: schema_private --- requires: table_account_private --- requires: table_notification --- requires: role_anonymous --- requires: role_account - BEGIN; CREATE FUNCTION maevsi.account_password_reset_request( diff --git a/src/deploy/function_account_registration.sql b/src/deploy/function_account_registration.sql index 2126ba0b..44ff8acb 100644 --- a/src/deploy/function_account_registration.sql +++ b/src/deploy/function_account_registration.sql @@ -1,15 +1,3 @@ --- Deploy maevsi:function_account_registration to pg --- requires: privilege_execute_revoke --- requires: schema_public --- requires: schema_private --- requires: table_account_private --- requires: table_account_public --- requires: table_contact --- requires: extension_pgcrypto --- requires: table_notification --- requires: role_anonymous --- requires: role_account - BEGIN; CREATE FUNCTION maevsi.account_registration( diff --git a/src/deploy/function_account_registration_refresh.sql b/src/deploy/function_account_registration_refresh.sql index abd20e97..fe37ea80 100644 --- a/src/deploy/function_account_registration_refresh.sql +++ b/src/deploy/function_account_registration_refresh.sql @@ -1,11 +1,3 @@ --- Deploy maevsi:function_account_registration_refresh to pg --- requires: privilege_execute_revoke --- requires: schema_public --- requires: schema_private --- requires: table_account_private --- requires: table_notification --- requires: role_anonymous - BEGIN; CREATE FUNCTION maevsi.account_registration_refresh( diff --git a/src/deploy/function_account_upload_quota_bytes.sql b/src/deploy/function_account_upload_quota_bytes.sql index b817a5af..a001ff9c 100644 --- a/src/deploy/function_account_upload_quota_bytes.sql 
+++ b/src/deploy/function_account_upload_quota_bytes.sql
@@ -1,10 +1,3 @@
--- Deploy maevsi:function_account_upload_quota_bytes to pg
--- requires: privilege_execute_revoke
--- requires: schema_public
--- requires: schema_private
--- requires: table_account_private
--- requires: role_account
-
 BEGIN;
 
 CREATE FUNCTION maevsi.account_upload_quota_bytes() RETURNS BIGINT AS $$
diff --git a/src/deploy/function_achievement_unlock.sql b/src/deploy/function_achievement_unlock.sql
index 959dd25f..200ca6f8 100644
--- a/src/deploy/function_achievement_unlock.sql
+++ b/src/deploy/function_achievement_unlock.sql
@@ -1,12 +1,3 @@
--- Deploy maevsi:function_achievement_unlock to pg
--- requires: privilege_execute_revoke
--- requires: schema_public
--- requires: enum_achievement_type
--- requires: schema_private
--- requires: table_achievement_code
--- requires: table_achievement
--- requires: role_account
-
 BEGIN;
 
 CREATE FUNCTION maevsi.achievement_unlock(
diff --git a/src/deploy/function_authenticate.sql b/src/deploy/function_authenticate.sql
index 1916b76c..c8e24e25 100644
--- a/src/deploy/function_authenticate.sql
+++ b/src/deploy/function_authenticate.sql
@@ -1,12 +1,3 @@
--- Deploy maevsi:function_authenticate to pg
--- requires: privilege_execute_revoke
--- requires: schema_public
--- requires: role_account
--- requires: role_anonymous
--- requires: type_jwt
--- requires: table_account_private
--- requires: table_jwt
-
 BEGIN;
 
 CREATE FUNCTION maevsi.authenticate(
diff --git a/src/deploy/function_event_delete.sql b/src/deploy/function_event_delete.sql
index 3fd46dd9..cc3a9afd 100644
--- a/src/deploy/function_event_delete.sql
+++ b/src/deploy/function_event_delete.sql
@@ -1,11 +1,3 @@
--- Deploy maevsi:function_event_delete to pg
--- requires: privilege_execute_revoke
--- requires: schema_public
--- requires: role_account
--- requires: table_account_private
--- requires: table_event
--- requires: extension_pgcrypto
-
 BEGIN;
 
 CREATE FUNCTION maevsi.event_delete(
diff --git a/src/deploy/function_event_invitee_count_maximum.sql b/src/deploy/function_event_invitee_count_maximum.sql
index 0ffdc386..571dbd5f 100644
--- a/src/deploy/function_event_invitee_count_maximum.sql
+++ b/src/deploy/function_event_invitee_count_maximum.sql
@@ -1,13 +1,3 @@
--- Deploy maevsi:function_event_invitee_count_maximum to pg
--- requires: privilege_execute_revoke
--- requires: schema_public
--- requires: table_event
--- requires: function_invitee_count
--- requires: schema_private
--- requires: function_events_invited
--- requires: role_account
--- requires: role_anonymous
-
 BEGIN;
 
 CREATE FUNCTION maevsi.event_invitee_count_maximum(
diff --git a/src/deploy/function_event_is_existing.sql b/src/deploy/function_event_is_existing.sql
index 7d02302b..bfcc7748 100644
--- a/src/deploy/function_event_is_existing.sql
+++ b/src/deploy/function_event_is_existing.sql
@@ -1,10 +1,3 @@
--- Deploy maevsi:function_event_is_existing to pg
--- requires: privilege_execute_revoke
--- requires: schema_public
--- requires: table_event
--- requires: role_account
--- requires: role_anonymous
-
 BEGIN;
 
 CREATE FUNCTION maevsi.event_is_existing(
diff --git a/src/deploy/function_event_unlock.sql b/src/deploy/function_event_unlock.sql
index 1e66df17..04eb94a4 100644
--- a/src/deploy/function_event_unlock.sql
+++ b/src/deploy/function_event_unlock.sql
@@ -1,13 +1,3 @@
--- Deploy maevsi:function_event_unlock to pg
--- requires: privilege_execute_revoke
--- requires: schema_public
--- requires: table_invitation
--- requires: table_event
--- requires: type_event_unlock_response
--- requires: function_invitation_claims_to_array
--- requires: type_jwt
--- requires: table_jwt
-
 BEGIN;
 
 CREATE FUNCTION maevsi.event_unlock(
diff --git a/src/deploy/function_events_invited.sql b/src/deploy/function_events_invited.sql
index 7fff04b4..9aec3a54 100644
--- a/src/deploy/function_events_invited.sql
+++ b/src/deploy/function_events_invited.sql
@@ -1,12 +1,3 @@
--- Deploy maevsi:function_events_invited to pg
--- requires: privilege_execute_revoke
--- requires: schema_private
--- requires: schema_public
--- requires: table_invitation
--- requires: table_contact
--- requires: role_account
--- requires: role_anonymous
-
 BEGIN;
 
 CREATE FUNCTION maevsi_private.events_invited()
diff --git a/src/deploy/function_events_organized.sql b/src/deploy/function_events_organized.sql
index 39860764..41f956c0 100644
--- a/src/deploy/function_events_organized.sql
+++ b/src/deploy/function_events_organized.sql
@@ -1,10 +1,3 @@
--- Deploy maevsi:function_events_organized to pg
--- requires: privilege_execute_revoke
--- requires: schema_public
--- requires: table_event
--- requires: role_account
--- requires: role_anonymous
-
 BEGIN;
 
 CREATE FUNCTION maevsi.events_organized()
diff --git a/src/deploy/function_invitation_claim_array.sql b/src/deploy/function_invitation_claim_array.sql
index 05a122ae..45acc922 100644
--- a/src/deploy/function_invitation_claim_array.sql
+++ b/src/deploy/function_invitation_claim_array.sql
@@ -1,9 +1,3 @@
--- Deploy maevsi:function_invitation_claim_array to pg
--- requires: privilege_execute_revoke
--- requires: schema_public
--- requires: role_account
--- requires: role_anonymous
-
 BEGIN;
 
 CREATE FUNCTION maevsi.invitation_claim_array()
diff --git a/src/deploy/function_invitation_contact_ids.sql b/src/deploy/function_invitation_contact_ids.sql
index 11bd5132..6ecd8a0f 100644
--- a/src/deploy/function_invitation_contact_ids.sql
+++ b/src/deploy/function_invitation_contact_ids.sql
@@ -1,12 +1,3 @@
--- Deploy maevsi:function_invitation_contact_ids to pg
--- requires: privilege_execute_revoke
--- requires: schema_public
--- requires: table_invitation
--- requires: function_invitation_claim_array
--- requires: function_events_organized
--- requires: role_account
--- requires: role_anonymous
-
 BEGIN;
 
 CREATE FUNCTION maevsi.invitation_contact_ids()
diff --git a/src/deploy/function_invite.sql b/src/deploy/function_invite.sql
index c65c3f42..c29ceb0b 100644
--- a/src/deploy/function_invite.sql
+++ b/src/deploy/function_invite.sql
@@ -1,16 +1,3 @@
--- Deploy maevsi:function_account_delete to pg
--- requires: privilege_execute_revoke
--- requires: schema_public
--- requires: table_invitation
--- requires: function_events_organized
--- requires: table_event
--- requires: table_contact
--- requires: schema_private
--- requires: table_account_private
--- requires: table_profile_picture
--- requires: table_notification
--- requires: role_account
-
 BEGIN;
 
 CREATE FUNCTION maevsi.invite(
diff --git a/src/deploy/function_invitee_count.sql b/src/deploy/function_invitee_count.sql
index 655b838a..e6f67195 100644
--- a/src/deploy/function_invitee_count.sql
+++ b/src/deploy/function_invitee_count.sql
@@ -1,10 +1,3 @@
--- Deploy maevsi:function_invitee_count to pg
--- requires: privilege_execute_revoke
--- requires: schema_public
--- requires: table_invitation
--- requires: role_account
--- requires: role_anonymous
-
 BEGIN;
 
 CREATE FUNCTION maevsi.invitee_count(event_id UUID)
diff --git a/src/deploy/function_jwt_refresh.sql b/src/deploy/function_jwt_refresh.sql
index c0f9fad5..77af1dd7 100644
--- a/src/deploy/function_jwt_refresh.sql
+++ b/src/deploy/function_jwt_refresh.sql
@@ -1,9 +1,3 @@
--- Deploy maevsi:function_jwt_refresh to pg
--- requires: privilege_execute_revoke
--- requires: schema_public
--- requires: type_jwt
--- requires: table_jwt
-
 BEGIN;
 
 CREATE FUNCTION maevsi.jwt_refresh(
diff --git a/src/deploy/function_notification_acknowledge.sql b/src/deploy/function_notification_acknowledge.sql
index 6b4e1305..388f3421 100644
--- a/src/deploy/function_notification_acknowledge.sql
+++ b/src/deploy/function_notification_acknowledge.sql
@@ -1,10 +1,3 @@
--- Deploy maevsi:function_notification_acknowledge to pg
--- requires: privilege_execute_revoke
--- requires: schema_public
--- requires: schema_private
--- requires: table_notification
--- requires: role_anonymous
-
 BEGIN;
 
 CREATE FUNCTION maevsi.notification_acknowledge(
diff --git a/src/deploy/function_profile_picture_set.sql b/src/deploy/function_profile_picture_set.sql
index d79b3d46..69366bb7 100644
--- a/src/deploy/function_profile_picture_set.sql
+++ b/src/deploy/function_profile_picture_set.sql
@@ -1,9 +1,3 @@
--- Deploy maevsi:function_profile_picture_set to pg
--- requires: privilege_execute_revoke
--- requires: schema_public
--- requires: role_account
--- requires: table_profile_picture
-
 BEGIN;
 
 CREATE FUNCTION maevsi.profile_picture_set(
diff --git a/src/deploy/function_upload_create.sql b/src/deploy/function_upload_create.sql
index 1321d2d7..17f0ca92 100644
--- a/src/deploy/function_upload_create.sql
+++ b/src/deploy/function_upload_create.sql
@@ -1,11 +1,3 @@
--- Deploy maevsi:function_upload_create to pg
--- requires: privilege_execute_revoke
--- requires: schema_public
--- requires: schema_private
--- requires: role_account
--- requires: table_upload
--- requires: table_account_private
-
 BEGIN;
 
 CREATE FUNCTION maevsi.upload_create(
diff --git a/src/deploy/index_event_author_username.sql b/src/deploy/index_event_author_username.sql
index 37771c57..388ca32a 100644
--- a/src/deploy/index_event_author_username.sql
+++ b/src/deploy/index_event_author_username.sql
@@ -1,6 +1,3 @@
--- Deploy maevsi:index_event_author_account_id to pg
--- requires: table_event
-
 BEGIN;
 
 CREATE INDEX idx_event_author_account_id ON maevsi.event (author_account_id);
diff --git a/src/deploy/index_event_group_author_username.sql b/src/deploy/index_event_group_author_username.sql
index b8379765..eaf1dfbf 100644
--- a/src/deploy/index_event_group_author_username.sql
+++ b/src/deploy/index_event_group_author_username.sql
@@ -1,6 +1,3 @@
--- Deploy maevsi:index_event_group_author_account_id to pg
--- requires: table_event_group
-
 BEGIN;
 
 CREATE INDEX idx_event_group_author_account_id ON maevsi.event_group (author_account_id);
diff --git a/src/deploy/index_event_grouping_event_group_id.sql b/src/deploy/index_event_grouping_event_group_id.sql
index a19a9c7e..4cd5b927 100644
--- a/src/deploy/index_event_grouping_event_group_id.sql
+++ b/src/deploy/index_event_grouping_event_group_id.sql
@@ -1,6 +1,3 @@
--- Deploy maevsi:index_event_grouping_event_group_id to pg
--- requires: table_event_grouping
-
 BEGIN;
 
 CREATE INDEX idx_event_grouping_event_group_id ON maevsi.event_grouping (event_group_id);
diff --git a/src/deploy/index_event_grouping_event_id.sql b/src/deploy/index_event_grouping_event_id.sql
index 562e814c..253b12e5 100644
--- a/src/deploy/index_event_grouping_event_id.sql
+++ b/src/deploy/index_event_grouping_event_id.sql
@@ -1,6 +1,3 @@
--- Deploy maevsi:index_event_grouping_event_id to pg
--- requires: table_event_grouping
-
 BEGIN;
 
 CREATE INDEX idx_event_grouping_event_id ON maevsi.event_grouping (event_id);
diff --git a/src/deploy/index_invitation_contact_id.sql b/src/deploy/index_invitation_contact_id.sql
index 16be1d2e..8b035f99 100644
--- a/src/deploy/index_invitation_contact_id.sql
+++ b/src/deploy/index_invitation_contact_id.sql
@@ -1,6 +1,3 @@
--- Deploy maevsi:index_invitation_contact_id to pg
--- requires: table_invitation
-
 BEGIN;
 
 CREATE INDEX idx_invitation_contact_id ON maevsi.invitation (contact_id);
diff --git a/src/deploy/index_invitation_event_id.sql b/src/deploy/index_invitation_event_id.sql
index e1bb090d..85faa012 100644
--- a/src/deploy/index_invitation_event_id.sql
+++ b/src/deploy/index_invitation_event_id.sql
@@ -1,6 +1,3 @@
--- Deploy maevsi:index_invitation_event_id to pg
--- requires: table_invitation
-
 BEGIN;
 
 CREATE INDEX idx_invitation_event_id ON maevsi.invitation (event_id);
diff --git a/src/deploy/privilege_execute_revoke.sql b/src/deploy/privilege_execute_revoke.sql
index 86f6040a..21ba09b5 100644
--- a/src/deploy/privilege_execute_revoke.sql
+++ b/src/deploy/privilege_execute_revoke.sql
@@ -1,5 +1,3 @@
--- Deploy maevsi:privilege_execute_revoke to pg
-
 BEGIN;
 
 ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
diff --git a/src/deploy/role_account.sql b/src/deploy/role_account.sql
index 0765e03b..7db9cc08 100644
--- a/src/deploy/role_account.sql
+++ b/src/deploy/role_account.sql
@@ -1,6 +1,3 @@
--- Deploy maevsi:role_account to pg
--- requires: role_postgraphile
-
 BEGIN;
 
 CREATE ROLE maevsi_account;
diff --git a/src/deploy/role_anonymous.sql b/src/deploy/role_anonymous.sql
index 9ab9c9e9..ab877900 100644
--- a/src/deploy/role_anonymous.sql
+++ b/src/deploy/role_anonymous.sql
@@ -1,6 +1,3 @@
--- Deploy maevsi:role_anonymous to pg
--- requires: role_postgraphile
-
 BEGIN;
 
 CREATE ROLE maevsi_anonymous;
diff --git a/src/deploy/role_grafana.sql b/src/deploy/role_grafana.sql
index b61e525c..ea0acc8f 100644
--- a/src/deploy/role_grafana.sql
+++ b/src/deploy/role_grafana.sql
@@ -1,6 +1,3 @@
--- Deploy maevsi:role_grafana to pg
--- requires: database_grafana
-
 \connect grafana
 
 BEGIN;
diff --git a/src/deploy/role_postgraphile.sql b/src/deploy/role_postgraphile.sql
index 10a83e9d..805a9401 100644
--- a/src/deploy/role_postgraphile.sql
+++ b/src/deploy/role_postgraphile.sql
@@ -1,5 +1,3 @@
--- Deploy maevsi:role_postgraphile to pg
-
 BEGIN;
 
 \set role_maevsi_postgraphile_password `cat /run/secrets/postgres_role_maevsi-postgraphile_password`
diff --git a/src/deploy/role_tusd.sql b/src/deploy/role_tusd.sql
index 033a084f..b0bfc580 100644
--- a/src/deploy/role_tusd.sql
+++ b/src/deploy/role_tusd.sql
@@ -1,6 +1,3 @@
--- Deploy maevsi:role_tusd to pg
--- requires: role_postgraphile
-
 BEGIN;
 
 \set role_maevsi_tusd_password `cat /run/secrets/postgres_role_maevsi-tusd_password`
diff --git a/src/deploy/schema_private.sql b/src/deploy/schema_private.sql
index c80dbbb1..96960f64 100644
--- a/src/deploy/schema_private.sql
+++ b/src/deploy/schema_private.sql
@@ -1,5 +1,3 @@
--- Deploy maevsi:schema_private to pg
-
 BEGIN;
 
 CREATE SCHEMA maevsi_private;
diff --git a/src/deploy/schema_public.sql b/src/deploy/schema_public.sql
index 66a56965..abc2f95b 100644
--- a/src/deploy/schema_public.sql
+++ b/src/deploy/schema_public.sql
@@ -1,8 +1,3 @@
--- Deploy maevsi:schema_public to pg
--- requires: role_anonymous
--- requires: role_account
--- requires: role_tusd
-
 BEGIN;
 
 CREATE SCHEMA maevsi;
diff --git a/src/deploy/table_account_preference_event_size.sql b/src/deploy/table_account_preference_event_size.sql
index abecd735..b76e19c9 100644
--- a/src/deploy/table_account_preference_event_size.sql
+++ b/src/deploy/table_account_preference_event_size.sql
@@ -1,8 +1,3 @@
--- Deploy maevsi:table_account_preference_event_size to pg
--- requires: schema_public
--- requires: table_account_public
--- requires: enum_event_size
-
 BEGIN;
 
 CREATE TABLE maevsi.account_preference_event_size (
diff --git a/src/deploy/table_account_preference_event_size_policy.sql b/src/deploy/table_account_preference_event_size_policy.sql
index f9cf54aa..937424b9 100644
--- a/src/deploy/table_account_preference_event_size_policy.sql
+++ b/src/deploy/table_account_preference_event_size_policy.sql
@@ -1,8 +1,3 @@
--- Deploy maevsi:table_account_preference_event_size_policy to pg
--- requires: schema_public
--- requires: table_account_preference_event_size
--- requires: role_account
-
 BEGIN;
 
 GRANT SELECT, INSERT, DELETE ON TABLE maevsi.account_preference_event_size TO maevsi_account;
diff --git a/src/deploy/table_account_private.sql b/src/deploy/table_account_private.sql
index b36dd1ba..1ed7e1d5 100644
--- a/src/deploy/table_account_private.sql
+++ b/src/deploy/table_account_private.sql
@@ -1,7 +1,3 @@
--- Deploy maevsi:table_account_private to pg
--- requires: schema_private
--- requires: schema_public
-
 BEGIN;
 
 CREATE TABLE maevsi_private.account (
diff --git a/src/deploy/table_account_public.sql b/src/deploy/table_account_public.sql
index 1749c94c..502ff010 100644
--- a/src/deploy/table_account_public.sql
+++ b/src/deploy/table_account_public.sql
@@ -1,8 +1,3 @@
--- Deploy maevsi:table_account_public to pg
--- requires: schema_public
--- requires: schema_private
--- requires: table_account_private
-
 BEGIN;
 
 CREATE TABLE maevsi.account (
diff --git a/src/deploy/table_account_social_network.sql b/src/deploy/table_account_social_network.sql
index 178dab0e..b83cc143 100644
--- a/src/deploy/table_account_social_network.sql
+++ b/src/deploy/table_account_social_network.sql
@@ -1,8 +1,3 @@
--- Deploy maevsi:table_event_category_mapping to pg
--- requires: schema_public
--- requires: table_account
--- requires: enum_social_network
-
 BEGIN;
 
 CREATE TABLE maevsi.account_social_network (
diff --git a/src/deploy/table_account_social_network_policy.sql b/src/deploy/table_account_social_network_policy.sql
index 2e4ef9d2..bd576bce 100644
--- a/src/deploy/table_account_social_network_policy.sql
+++ b/src/deploy/table_account_social_network_policy.sql
@@ -1,5 +1,3 @@
--- Deploy maevsi:table_account_social_network_policy to pg
-
 BEGIN;
 
 GRANT SELECT ON TABLE maevsi.account_social_network TO maevsi_anonymous;
diff --git a/src/deploy/table_achievement.sql b/src/deploy/table_achievement.sql
index b1544172..b5377ec2 100644
--- a/src/deploy/table_achievement.sql
+++ b/src/deploy/table_achievement.sql
@@ -1,10 +1,3 @@
--- Deploy maevsi:table_achievement to pg
--- requires: schema_public
--- requires: table_account_public
--- requires: enum_achievement_type
--- requires: role_account
--- requires: role_anonymous
-
 BEGIN;
 
 CREATE TABLE maevsi.achievement (
diff --git a/src/deploy/table_achievement_code.sql b/src/deploy/table_achievement_code.sql
index 40adf944..554a94e1 100644
--- a/src/deploy/table_achievement_code.sql
+++ b/src/deploy/table_achievement_code.sql
@@ -1,9 +1,3 @@
--- Deploy maevsi:table_achievement_code to pg
--- requires: schema_private
--- requires: schema_public
--- requires: enum_achievement_type
--- requires: role_tusd
-
 BEGIN;
 
 CREATE TABLE maevsi_private.achievement_code (
diff --git a/src/deploy/table_contact.sql b/src/deploy/table_contact.sql
index 52e71adc..f39d08ec 100644
--- a/src/deploy/table_contact.sql
+++ b/src/deploy/table_contact.sql
@@ -1,9 +1,3 @@
--- Deploy maevsi:table_contact to pg
--- requires: schema_public
--- requires: role_account
--- requires: role_anonymous
--- requires: table_account_public
-
 BEGIN;
 
 CREATE TABLE maevsi.contact (
diff --git a/src/deploy/table_contact_policy.sql b/src/deploy/table_contact_policy.sql
index 5be8989d..a8ab9a6d 100644
--- a/src/deploy/table_contact_policy.sql
+++ b/src/deploy/table_contact_policy.sql
@@ -1,10 +1,3 @@
--- Deploy maevsi:table_contact_policy to pg
--- requires: schema_public
--- requires: table_contact
--- requires: role_account
--- requires: role_anonymous
--- requires: function_invitation_contact_ids
-
 BEGIN;
 
 GRANT SELECT ON TABLE maevsi.contact TO maevsi_account, maevsi_anonymous;
diff --git a/src/deploy/table_event.sql b/src/deploy/table_event.sql
index bab8646b..09b37eb0 100644
--- a/src/deploy/table_event.sql
+++ b/src/deploy/table_event.sql
@@ -1,10 +1,3 @@
--- Deploy maevsi:table_event to pg
--- requires: schema_public
--- requires: role_account
--- requires: role_anonymous
--- requires: table_account_public
--- requires: enum_event_visibility
-
 BEGIN;
 
 CREATE TABLE maevsi.event (
diff --git a/src/deploy/table_event_group.sql b/src/deploy/table_event_group.sql
index 75e9f228..f434cb27 100644
--- a/src/deploy/table_event_group.sql
+++ b/src/deploy/table_event_group.sql
@@ -1,9 +1,3 @@
--- Deploy maevsi:table_event_group to pg
--- requires: schema_public
--- requires: role_account
--- requires: role_anonymous
--- requires: table_account_public
-
 BEGIN;
 
 CREATE TABLE maevsi.event_group (
diff --git a/src/deploy/table_event_grouping.sql b/src/deploy/table_event_grouping.sql
index 71a37295..39579564 100644
--- a/src/deploy/table_event_grouping.sql
+++ b/src/deploy/table_event_grouping.sql
@@ -1,10 +1,3 @@
--- Deploy maevsi:table_event_grouping to pg
--- requires: schema_public
--- requires: role_account
--- requires: role_anonymous
--- requires: table_event
--- requires: table_event_group
-
 BEGIN;
 
 CREATE TABLE maevsi.event_grouping (
diff --git a/src/deploy/table_event_policy.sql b/src/deploy/table_event_policy.sql
index 5c639882..62f34254 100644
--- a/src/deploy/table_event_policy.sql
+++ b/src/deploy/table_event_policy.sql
@@ -1,11 +1,3 @@
--- Deploy maevsi:table_event_policy to pg
--- requires: schema_public
--- requires: table_event
--- requires: role_account
--- requires: role_anonymous
--- requires: schema_private
--- requires: function_events_invited
-
 BEGIN;
 
 GRANT SELECT ON TABLE maevsi.event TO maevsi_account, maevsi_anonymous;
diff --git a/src/deploy/table_invitation.sql b/src/deploy/table_invitation.sql
index fc5bb79d..5ac0b461 100644
--- a/src/deploy/table_invitation.sql
+++ b/src/deploy/table_invitation.sql
@@ -1,10 +1,3 @@
--- Deploy maevsi:table_invitation to pg
--- requires: schema_public
--- requires: table_event
--- requires: table_contact
--- requires: enum_invitation_feedback
--- requires: enum_invitation_feedback_paper
-
 BEGIN;
 
 CREATE TABLE maevsi.invitation (
diff --git a/src/deploy/table_invitation_policy.sql b/src/deploy/table_invitation_policy.sql
index c333693e..ca60957e 100644
--- a/src/deploy/table_invitation_policy.sql
+++ b/src/deploy/table_invitation_policy.sql
@@ -1,12 +1,3 @@
--- Deploy maevsi:table_invitation_policy to pg
--- requires: schema_public
--- requires: table_invitation
--- requires: role_account
--- requires: role_anonymous
--- requires: function_invitation_claim_array
--- requires: function_events_organized
--- requires: function_event_invitee_count_maximum
-
 BEGIN;
 
 GRANT SELECT, UPDATE ON TABLE maevsi.invitation TO maevsi_account, maevsi_anonymous;
diff --git a/src/deploy/table_jwt.sql b/src/deploy/table_jwt.sql
index 9387acbd..b69c6393 100644
--- a/src/deploy/table_jwt.sql
+++ b/src/deploy/table_jwt.sql
@@ -1,6 +1,3 @@
--- Deploy maevsi:table_jwt to pg
--- requires: schema_private
-
 BEGIN;
 
 CREATE TABLE maevsi_private.jwt (
diff --git a/src/deploy/table_legal_term.sql b/src/deploy/table_legal_term.sql
index db980db7..cc8802a4 100644
--- a/src/deploy/table_legal_term.sql
+++ b/src/deploy/table_legal_term.sql
@@ -1,8 +1,3 @@
--- Deploy maevsi:table_legal_term to pg
--- requires: schema_public
--- requires: role_account
--- requires: role_anonymous
-
 BEGIN;
 
 CREATE TABLE maevsi.legal_term (
diff --git a/src/deploy/table_legal_term_acceptance.sql b/src/deploy/table_legal_term_acceptance.sql
index 09239094..e249d0eb 100644
--- a/src/deploy/table_legal_term_acceptance.sql
+++ b/src/deploy/table_legal_term_acceptance.sql
@@ -1,9 +1,3 @@
--- Deploy maevsi:table_legal_term_acceptance to pg
--- requires: schema_public
--- requires: table_account_public
--- requires: table_legal_term
--- requires: role_account
-
 BEGIN;
 
 CREATE TABLE maevsi.legal_term_acceptance (
diff --git a/src/deploy/table_notification.sql b/src/deploy/table_notification.sql
index b6050e4c..3d92dac1 100644
--- a/src/deploy/table_notification.sql
+++ b/src/deploy/table_notification.sql
@@ -1,6 +1,3 @@
--- Deploy maevsi:table_event to pg
--- requires: schema_private
-
 BEGIN;
 
 CREATE TABLE maevsi_private.notification (
diff --git a/src/deploy/table_profile_picture.sql b/src/deploy/table_profile_picture.sql
index 8757f655..4f90795f 100644
--- a/src/deploy/table_profile_picture.sql
+++ b/src/deploy/table_profile_picture.sql
@@ -1,11 +1,3 @@
--- Deploy maevsi:table_profile_picture to pg
--- requires: schema_public
--- requires: table_account_public
--- requires: table_upload
--- requires: role_account
--- requires: role_anonymous
--- requires: role_tusd
-
 BEGIN;
 
 CREATE TABLE maevsi.profile_picture (
diff --git a/src/deploy/table_report.sql b/src/deploy/table_report.sql
index 1fd3b343..8e63bc10 100644
--- a/src/deploy/table_report.sql
+++ b/src/deploy/table_report.sql
@@ -1,9 +1,3 @@
--- Deploy maevsi:table_report to pg
--- requires: schema_public
--- requires: table_account_public
--- requires: table_event
--- requires: table_upload
-
 BEGIN;
 
 CREATE TABLE maevsi.report (
diff --git a/src/deploy/table_report_policy.sql b/src/deploy/table_report_policy.sql
index c330a8b9..08a6485d 100644
--- a/src/deploy/table_report_policy.sql
+++ b/src/deploy/table_report_policy.sql
@@ -1,8 +1,3 @@
--- Deploy maevsi:table_report_policy to pg
--- requires: schema_public
--- requires: table_report
--- requires: role_account
-
 BEGIN;
 
 GRANT INSERT, SELECT ON TABLE maevsi.report TO maevsi_account;
diff --git a/src/deploy/table_upload.sql b/src/deploy/table_upload.sql
index 7949dbc6..6b6adc9e 100644
--- a/src/deploy/table_upload.sql
+++ b/src/deploy/table_upload.sql
@@ -1,7 +1,3 @@
--- Deploy maevsi:table_event to pg
--- requires: schema_public
--- requires: table_account_public
-
 BEGIN;
 
 CREATE TABLE maevsi.upload (
diff --git a/src/deploy/table_upload_policy.sql b/src/deploy/table_upload_policy.sql
index f3c3691b..fe43dc58 100644
--- a/src/deploy/table_upload_policy.sql
+++ b/src/deploy/table_upload_policy.sql
@@ -1,10 +1,3 @@
--- Deploy maevsi:table_event to pg
--- requires: schema_public
--- requires: table_upload
--- requires: role_account
--- requires: role_anonymous
--- requires: role_tusd
-
 BEGIN;
 
 GRANT SELECT ON TABLE maevsi.upload TO maevsi_account, maevsi_anonymous, maevsi_tusd;
diff --git a/src/deploy/type_event_unlock_response.sql b/src/deploy/type_event_unlock_response.sql
index be57ef04..c3ab338a 100644
--- a/src/deploy/type_event_unlock_response.sql
+++ b/src/deploy/type_event_unlock_response.sql
@@ -1,7 +1,3 @@
--- Deploy maevsi:type_event_unlock_response to pg
--- requires: schema_public
--- requires: type_jwt
-
 BEGIN;
 
 -- TODO: remove type
diff --git a/src/deploy/type_jwt.sql b/src/deploy/type_jwt.sql
index 391118ae..6721fb21 100644
--- a/src/deploy/type_jwt.sql
+++ b/src/deploy/type_jwt.sql
@@ -1,6 +1,3 @@
--- Deploy maevsi:type_jwt to pg
--- requires: schema_public
-
 BEGIN;
 
 CREATE TYPE maevsi.jwt AS (
diff --git a/src/revert/database_grafana.sql b/src/revert/database_grafana.sql
index bf0c67c0..b4229d9e 100644
--- a/src/revert/database_grafana.sql
+++ b/src/revert/database_grafana.sql
@@ -1,3 +1 @@
--- Revert maevsi:database_grafana from pg
-
 DROP DATABASE grafana WITH (FORCE);
diff --git a/src/revert/enum_achievement_type.sql b/src/revert/enum_achievement_type.sql
index 7a4c17d5..2b6351e3 100644
--- a/src/revert/enum_achievement_type.sql
+++ b/src/revert/enum_achievement_type.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:enum_achievement_type from pg
-
 BEGIN;
 
 DROP TYPE maevsi.achievement_type;
diff --git a/src/revert/enum_event_size.sql b/src/revert/enum_event_size.sql
index 52fda255..21b19e74 100644
--- a/src/revert/enum_event_size.sql
+++ b/src/revert/enum_event_size.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:enum_event_size from pg
-
 BEGIN;
 
 DROP TYPE maevsi.event_size;
diff --git a/src/revert/enum_event_visibility.sql b/src/revert/enum_event_visibility.sql
index 53bbb300..c68614b7 100644
--- a/src/revert/enum_event_visibility.sql
+++ b/src/revert/enum_event_visibility.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:enum_event_visibility from pg
-
 BEGIN;
 
 DROP TYPE maevsi.event_visibility;
diff --git a/src/revert/enum_invitation_feedback.sql b/src/revert/enum_invitation_feedback.sql
index f4e3e4e1..4963783e 100644
--- a/src/revert/enum_invitation_feedback.sql
+++ b/src/revert/enum_invitation_feedback.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:enum_invitation_feedback from pg
-
 BEGIN;
 
 DROP TYPE maevsi.invitation_feedback;
diff --git a/src/revert/enum_invitation_feedback_paper.sql b/src/revert/enum_invitation_feedback_paper.sql
index db49f019..b75f81c0 100644
--- a/src/revert/enum_invitation_feedback_paper.sql
+++ b/src/revert/enum_invitation_feedback_paper.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:enum_paper_invitation_feedback from pg
-
 BEGIN;
 
 DROP TYPE maevsi.invitation_feedback_paper;
diff --git a/src/revert/enum_social_network.sql b/src/revert/enum_social_network.sql
index 14dcf278..418c38a0 100644
--- a/src/revert/enum_social_network.sql
+++ b/src/revert/enum_social_network.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:enum_social_network from pg
-
 BEGIN;
 
 DROP TYPE maevsi.social_network;
diff --git a/src/revert/extension_pgcrypto.sql b/src/revert/extension_pgcrypto.sql
index 7c5a26a7..52fd7c5c 100644
--- a/src/revert/extension_pgcrypto.sql
+++ b/src/revert/extension_pgcrypto.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:extension_pgcrypto from pg
-
 BEGIN;
 
 DROP EXTENSION pgcrypto;
diff --git a/src/revert/function_account_delete.sql b/src/revert/function_account_delete.sql
index 834cb211..428cc715 100644
--- a/src/revert/function_account_delete.sql
+++ b/src/revert/function_account_delete.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_account_delete from pg
-
 BEGIN;
 
 DROP FUNCTION maevsi.account_delete;
diff --git a/src/revert/function_account_email_address_verification.sql b/src/revert/function_account_email_address_verification.sql
index c06da189..752433bf 100644
--- a/src/revert/function_account_email_address_verification.sql
+++ b/src/revert/function_account_email_address_verification.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_account_email_address_verification from pg
-
 BEGIN;
 
 DROP FUNCTION maevsi.account_email_address_verification;
diff --git a/src/revert/function_account_password_change.sql b/src/revert/function_account_password_change.sql
index ddb2d608..44d12043 100644
--- a/src/revert/function_account_password_change.sql
+++ b/src/revert/function_account_password_change.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_account_password_change from pg
-
 BEGIN;
 
 DROP FUNCTION maevsi.account_password_change;
diff --git a/src/revert/function_account_password_reset.sql b/src/revert/function_account_password_reset.sql
index 76d2c6a4..ea6a50bc 100644
--- a/src/revert/function_account_password_reset.sql
+++ b/src/revert/function_account_password_reset.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_account_password_reset from pg
-
 BEGIN;
 
 DROP FUNCTION maevsi.account_password_reset;
diff --git a/src/revert/function_account_password_reset_request.sql b/src/revert/function_account_password_reset_request.sql
index bbe7aca5..2fa920f8 100644
--- a/src/revert/function_account_password_reset_request.sql
+++ b/src/revert/function_account_password_reset_request.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_account_password_reset_request from pg
-
 BEGIN;
 
 DROP FUNCTION maevsi.account_password_reset_request;
diff --git a/src/revert/function_account_registration.sql b/src/revert/function_account_registration.sql
index b5d5045c..789d9b7f 100644
--- a/src/revert/function_account_registration.sql
+++ b/src/revert/function_account_registration.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_account_registration from pg
-
 BEGIN;
 
 DROP FUNCTION maevsi.account_registration;
diff --git a/src/revert/function_account_registration_refresh.sql b/src/revert/function_account_registration_refresh.sql
index 27f20cb1..a402c1aa 100644
--- a/src/revert/function_account_registration_refresh.sql
+++ b/src/revert/function_account_registration_refresh.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_account_registration_refresh from pg
-
 BEGIN;
 
 DROP FUNCTION maevsi.account_registration_refresh;
diff --git a/src/revert/function_account_upload_quota_bytes.sql b/src/revert/function_account_upload_quota_bytes.sql
index c8c5ebc9..205466a7 100644
--- a/src/revert/function_account_upload_quota_bytes.sql
+++ b/src/revert/function_account_upload_quota_bytes.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_account_upload_quota_bytes from pg
-
 BEGIN;
 
 DROP FUNCTION maevsi.account_upload_quota_bytes;
diff --git a/src/revert/function_achievement_unlock.sql b/src/revert/function_achievement_unlock.sql
index 38a4f0ae..d2372760 100644
--- a/src/revert/function_achievement_unlock.sql
+++ b/src/revert/function_achievement_unlock.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_achievement_unlock from pg
-
 BEGIN;
 
 DROP FUNCTION maevsi.achievement_unlock;
diff --git a/src/revert/function_authenticate.sql b/src/revert/function_authenticate.sql
index 2151da6f..94dea8f7 100644
--- a/src/revert/function_authenticate.sql
+++ b/src/revert/function_authenticate.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_authenticate from pg
-
 BEGIN;
 
 DROP FUNCTION maevsi.authenticate;
diff --git a/src/revert/function_event_delete.sql b/src/revert/function_event_delete.sql
index 2c8c7f75..b8172a1c 100644
--- a/src/revert/function_event_delete.sql
+++ b/src/revert/function_event_delete.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_event_delete from pg
-
 BEGIN;
 
 DROP FUNCTION maevsi.event_delete;
diff --git a/src/revert/function_event_invitee_count_maximum.sql b/src/revert/function_event_invitee_count_maximum.sql
index df59199d..1cd8a47a 100644
--- a/src/revert/function_event_invitee_count_maximum.sql
+++ b/src/revert/function_event_invitee_count_maximum.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_event_invitee_count_maximum from pg
-
 BEGIN;
 
 DROP FUNCTION maevsi.event_invitee_count_maximum;
diff --git a/src/revert/function_event_is_existing.sql b/src/revert/function_event_is_existing.sql
index 8d54daa3..72be1ce0 100644
--- a/src/revert/function_event_is_existing.sql
+++ b/src/revert/function_event_is_existing.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_event_is_existing from pg
-
 BEGIN;
 DROP FUNCTION maevsi.event_is_existing;
diff --git a/src/revert/function_event_unlock.sql b/src/revert/function_event_unlock.sql
index dc443148..5b1a6302 100644
--- a/src/revert/function_event_unlock.sql
+++ b/src/revert/function_event_unlock.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_event_unlock from pg
-
 BEGIN;
 DROP FUNCTION maevsi.event_unlock;
diff --git a/src/revert/function_events_invited.sql b/src/revert/function_events_invited.sql
index 719d21f2..2ae2dbc0 100644
--- a/src/revert/function_events_invited.sql
+++ b/src/revert/function_events_invited.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_events_invited from pg
-
 BEGIN;
 DROP FUNCTION maevsi_private.events_invited;
diff --git a/src/revert/function_events_organized.sql b/src/revert/function_events_organized.sql
index 8817f7f7..f588f241 100644
--- a/src/revert/function_events_organized.sql
+++ b/src/revert/function_events_organized.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_events_organized from pg
-
 BEGIN;
 DROP FUNCTION maevsi.events_organized;
diff --git a/src/revert/function_invitation_claim_array.sql b/src/revert/function_invitation_claim_array.sql
index 2e1283c7..08a5f273 100644
--- a/src/revert/function_invitation_claim_array.sql
+++ b/src/revert/function_invitation_claim_array.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_invitation_claim_array from pg
-
 BEGIN;
 DROP FUNCTION maevsi.invitation_claim_array;
diff --git a/src/revert/function_invitation_contact_ids.sql b/src/revert/function_invitation_contact_ids.sql
index e69b332c..28a25aa8 100644
--- a/src/revert/function_invitation_contact_ids.sql
+++ b/src/revert/function_invitation_contact_ids.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_invitation_contact_ids from pg
-
 BEGIN;
 DROP FUNCTION maevsi.invitation_contact_ids;
diff --git a/src/revert/function_invite.sql b/src/revert/function_invite.sql
index 9aeaa3d5..747ed328 100644
--- a/src/revert/function_invite.sql
+++ b/src/revert/function_invite.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_invite from pg
-
 BEGIN;
 DROP FUNCTION maevsi.invite;
diff --git a/src/revert/function_invitee_count.sql b/src/revert/function_invitee_count.sql
index 6cc780a2..4cd17e31 100644
--- a/src/revert/function_invitee_count.sql
+++ b/src/revert/function_invitee_count.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_invitee_count from pg
-
 BEGIN;
 DROP FUNCTION maevsi.invitee_count;
diff --git a/src/revert/function_jwt_refresh.sql b/src/revert/function_jwt_refresh.sql
index f6767d37..11a70ca6 100644
--- a/src/revert/function_jwt_refresh.sql
+++ b/src/revert/function_jwt_refresh.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_jwt_refresh from pg
-
 BEGIN;
 DROP FUNCTION maevsi.jwt_refresh;
diff --git a/src/revert/function_notification_acknowledge.sql b/src/revert/function_notification_acknowledge.sql
index b47d2487..0bd570fd 100644
--- a/src/revert/function_notification_acknowledge.sql
+++ b/src/revert/function_notification_acknowledge.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_notification_acknowledge from pg
-
 BEGIN;
 DROP FUNCTION maevsi.notification_acknowledge;
diff --git a/src/revert/function_profile_picture_set.sql b/src/revert/function_profile_picture_set.sql
index 0cd41c58..be7e68a9 100644
--- a/src/revert/function_profile_picture_set.sql
+++ b/src/revert/function_profile_picture_set.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_profile_picture_set from pg
-
 BEGIN;
 DROP FUNCTION maevsi.profile_picture_set;
diff --git a/src/revert/function_upload_create.sql b/src/revert/function_upload_create.sql
index 0497894a..47722b1e 100644
--- a/src/revert/function_upload_create.sql
+++ b/src/revert/function_upload_create.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:function_upload_create from pg
-
 BEGIN;
 DROP FUNCTION maevsi.upload_create;
diff --git a/src/revert/index_event_author_username.sql b/src/revert/index_event_author_username.sql
index 9e06d129..aedea681 100644
--- a/src/revert/index_event_author_username.sql
+++ b/src/revert/index_event_author_username.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:index_event_author_account_id from pg
-
 BEGIN;
 DROP INDEX maevsi.idx_event_author_account_id;
diff --git a/src/revert/index_event_group_author_username.sql b/src/revert/index_event_group_author_username.sql
index 3e9d032d..b1917682 100644
--- a/src/revert/index_event_group_author_username.sql
+++ b/src/revert/index_event_group_author_username.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:index_event_group_author_account_id from pg
-
 BEGIN;
 DROP INDEX maevsi.idx_event_group_author_account_id;
diff --git a/src/revert/index_event_grouping_event_group_id.sql b/src/revert/index_event_grouping_event_group_id.sql
index 7b664369..12fa6c00 100644
--- a/src/revert/index_event_grouping_event_group_id.sql
+++ b/src/revert/index_event_grouping_event_group_id.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:index_event_grouping_event_group_id from pg
-
 BEGIN;
 DROP INDEX maevsi.idx_event_grouping_event_group_id;
diff --git a/src/revert/index_event_grouping_event_id.sql b/src/revert/index_event_grouping_event_id.sql
index 82117a0b..ce5d392e 100644
--- a/src/revert/index_event_grouping_event_id.sql
+++ b/src/revert/index_event_grouping_event_id.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:index_event_grouping_event_id from pg
-
 BEGIN;
 DROP INDEX maevsi.idx_event_grouping_event_id;
diff --git a/src/revert/index_invitation_contact_id.sql b/src/revert/index_invitation_contact_id.sql
index 4beab183..5f77296f 100644
--- a/src/revert/index_invitation_contact_id.sql
+++ b/src/revert/index_invitation_contact_id.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:index_invitation_contact_id from pg
-
 BEGIN;
 DROP INDEX maevsi.idx_invitation_contact_id;
diff --git a/src/revert/index_invitation_event_id.sql b/src/revert/index_invitation_event_id.sql
index 77bca5f0..1d1a29d6 100644
--- a/src/revert/index_invitation_event_id.sql
+++ b/src/revert/index_invitation_event_id.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:index_invitation_event_id from pg
-
 BEGIN;
 DROP INDEX maevsi.idx_invitation_event_id;
diff --git a/src/revert/privilege_execute_revoke.sql b/src/revert/privilege_execute_revoke.sql
index f400687e..90cb7960 100644
--- a/src/revert/privilege_execute_revoke.sql
+++ b/src/revert/privilege_execute_revoke.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:privilege_execute_revoke from pg
-
 BEGIN;
 ALTER DEFAULT PRIVILEGES GRANT EXECUTE ON FUNCTIONS TO PUBLIC;
diff --git a/src/revert/role_account.sql b/src/revert/role_account.sql
index 94525d14..127d8b68 100644
--- a/src/revert/role_account.sql
+++ b/src/revert/role_account.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:role_account from pg
-
 BEGIN;
 DROP ROLE maevsi_account;
diff --git a/src/revert/role_anonymous.sql b/src/revert/role_anonymous.sql
index 38f534db..f903c5d2 100644
--- a/src/revert/role_anonymous.sql
+++ b/src/revert/role_anonymous.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:role_anonymous from pg
-
 BEGIN;
 DROP ROLE maevsi_anonymous;
diff --git a/src/revert/role_grafana.sql b/src/revert/role_grafana.sql
index 0ea7b5b0..c52617ed 100644
--- a/src/revert/role_grafana.sql
+++ b/src/revert/role_grafana.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:role_grafana from pg
-
 \connect grafana
 BEGIN;
diff --git a/src/revert/role_postgraphile.sql b/src/revert/role_postgraphile.sql
index 856d191f..cf46f8e2 100644
--- a/src/revert/role_postgraphile.sql
+++ b/src/revert/role_postgraphile.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:role_postgraphile from pg
-
 BEGIN;
 DROP OWNED BY maevsi_postgraphile;
diff --git a/src/revert/role_tusd.sql b/src/revert/role_tusd.sql
index 16f6f706..334783d5 100644
--- a/src/revert/role_tusd.sql
+++ b/src/revert/role_tusd.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:role_tusd from pg
-
 BEGIN;
 DROP OWNED BY maevsi_tusd;
diff --git a/src/revert/schema_private.sql b/src/revert/schema_private.sql
index 54b0fd75..baf6816f 100644
--- a/src/revert/schema_private.sql
+++ b/src/revert/schema_private.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:schema_private from pg
-
 BEGIN;
 DROP SCHEMA maevsi_private;
diff --git a/src/revert/schema_public.sql b/src/revert/schema_public.sql
index 34724032..542da575 100644
--- a/src/revert/schema_public.sql
+++ b/src/revert/schema_public.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:schema_public from pg
-
 BEGIN;
 DROP SCHEMA maevsi;
diff --git a/src/revert/table_account_preference_event_size.sql b/src/revert/table_account_preference_event_size.sql
index 03497f54..2789e92f 100644
--- a/src/revert/table_account_preference_event_size.sql
+++ b/src/revert/table_account_preference_event_size.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_maevsi.account_preference_event_size from pg
-
 BEGIN;
 DROP TABLE maevsi.account_preference_event_size;
diff --git a/src/revert/table_account_preference_event_size_policy.sql b/src/revert/table_account_preference_event_size_policy.sql
index 75d1a279..36b32c3b 100644
--- a/src/revert/table_account_preference_event_size_policy.sql
+++ b/src/revert/table_account_preference_event_size_policy.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_maevsi.account_preference_event_size_policy from pg
-
 BEGIN;
 DROP POLICY account_preference_event_size_select ON maevsi.account_preference_event_size;
diff --git a/src/revert/table_account_private.sql b/src/revert/table_account_private.sql
index d2dd4b12..dd74a4d0 100644
--- a/src/revert/table_account_private.sql
+++ b/src/revert/table_account_private.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_account_private from pg
-
 BEGIN;
 DROP TRIGGER maevsi_private_account_password_reset_verification_valid_until ON maevsi_private.account;
diff --git a/src/revert/table_account_public.sql b/src/revert/table_account_public.sql
index 877a5669..cc12edbf 100644
--- a/src/revert/table_account_public.sql
+++ b/src/revert/table_account_public.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_account_public from pg
-
 BEGIN;
 DROP TABLE maevsi.account;
diff --git a/src/revert/table_account_social_network.sql b/src/revert/table_account_social_network.sql
index 1fe9f072..fd426820 100644
--- a/src/revert/table_account_social_network.sql
+++ b/src/revert/table_account_social_network.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_account_social_network from pg
-
 BEGIN;
 DROP TABLE maevsi.account_social_network ;
diff --git a/src/revert/table_account_social_network_policy.sql b/src/revert/table_account_social_network_policy.sql
index 87be1edc..740760f0 100644
--- a/src/revert/table_account_social_network_policy.sql
+++ b/src/revert/table_account_social_network_policy.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_account_social_network_policy from pg
-
 BEGIN;
 DROP POLICY account_social_network_insert ON maevsi.account_social_network;
diff --git a/src/revert/table_achievement.sql b/src/revert/table_achievement.sql
index e1a5ac02..9e715529 100644
--- a/src/revert/table_achievement.sql
+++ b/src/revert/table_achievement.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_achievement from pg
-
 BEGIN;
 DROP POLICY achievement_select ON maevsi.achievement;
diff --git a/src/revert/table_achievement_code.sql b/src/revert/table_achievement_code.sql
index fc98a23e..5583eec2 100644
--- a/src/revert/table_achievement_code.sql
+++ b/src/revert/table_achievement_code.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_achievement_code from pg
-
 BEGIN;
 DROP TABLE maevsi_private.achievement_code;
diff --git a/src/revert/table_contact.sql b/src/revert/table_contact.sql
index 695466eb..2e74c355 100644
--- a/src/revert/table_contact.sql
+++ b/src/revert/table_contact.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_contact from pg
-
 BEGIN;
 DROP TRIGGER maevsi_trigger_contact_update_account_id ON maevsi.contact;
diff --git a/src/revert/table_contact_policy.sql b/src/revert/table_contact_policy.sql
index 43b6f062..a1da8c27 100644
--- a/src/revert/table_contact_policy.sql
+++ b/src/revert/table_contact_policy.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_contact_policy from pg
-
 BEGIN;
 DROP POLICY contact_delete ON maevsi.contact;
diff --git a/src/revert/table_event.sql b/src/revert/table_event.sql
index e15d40c5..abefa8d0 100644
--- a/src/revert/table_event.sql
+++ b/src/revert/table_event.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_event from pg
-
 BEGIN;
 DROP TABLE maevsi.event;
diff --git a/src/revert/table_event_group.sql b/src/revert/table_event_group.sql
index 93892a95..01bf43c0 100644
--- a/src/revert/table_event_group.sql
+++ b/src/revert/table_event_group.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_event_group from pg
-
 BEGIN;
 DROP TABLE maevsi.event_group;
diff --git a/src/revert/table_event_grouping.sql b/src/revert/table_event_grouping.sql
index 93563327..fa5d1aaa 100644
--- a/src/revert/table_event_grouping.sql
+++ b/src/revert/table_event_grouping.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_event_grouping from pg
-
 BEGIN;
 DROP TABLE maevsi.event_grouping;
diff --git a/src/revert/table_event_policy.sql b/src/revert/table_event_policy.sql
index e6dca1c2..bb9918bb 100644
--- a/src/revert/table_event_policy.sql
+++ b/src/revert/table_event_policy.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_event_policy from pg
-
 BEGIN;
 DROP POLICY event_update ON maevsi.event;
diff --git a/src/revert/table_invitation.sql b/src/revert/table_invitation.sql
index f0517aaf..82cd0bee 100644
--- a/src/revert/table_invitation.sql
+++ b/src/revert/table_invitation.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_invitation from pg
-
 BEGIN;
 DROP TABLE maevsi.invitation;
diff --git a/src/revert/table_invitation_policy.sql b/src/revert/table_invitation_policy.sql
index 36c59dc3..e0d151b4 100644
--- a/src/revert/table_invitation_policy.sql
+++ b/src/revert/table_invitation_policy.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_invitation_policy from pg
-
 BEGIN;
 DROP TRIGGER maevsi_invitation_update ON maevsi.invitation;
diff --git a/src/revert/table_jwt.sql b/src/revert/table_jwt.sql
index da05ca19..7f67a80f 100644
--- a/src/revert/table_jwt.sql
+++ b/src/revert/table_jwt.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_jwt from pg
-
 BEGIN;
 DROP TABLE maevsi_private.jwt;
diff --git a/src/revert/table_legal_term.sql b/src/revert/table_legal_term.sql
index 24467527..4a8db85a 100644
--- a/src/revert/table_legal_term.sql
+++ b/src/revert/table_legal_term.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_legal_term from pg
-
 BEGIN;
 DROP POLICY legal_term_select ON maevsi.legal_term;
diff --git a/src/revert/table_legal_term_acceptance.sql b/src/revert/table_legal_term_acceptance.sql
index 6fd5a939..6808d751 100644
--- a/src/revert/table_legal_term_acceptance.sql
+++ b/src/revert/table_legal_term_acceptance.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_legal_term_acceptance from pg
-
 BEGIN;
 DROP POLICY legal_term_acceptance_select ON maevsi.legal_term_acceptance;
diff --git a/src/revert/table_notification.sql b/src/revert/table_notification.sql
index ef9ee886..840e2a1c 100644
--- a/src/revert/table_notification.sql
+++ b/src/revert/table_notification.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_notification from pg
-
 BEGIN;
 DROP TABLE maevsi_private.notification;
diff --git a/src/revert/table_profile_picture.sql b/src/revert/table_profile_picture.sql
index fb96c89e..0ee2f5c1 100644
--- a/src/revert/table_profile_picture.sql
+++ b/src/revert/table_profile_picture.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_profile_picture from pg
-
 BEGIN;
 DROP TABLE maevsi.profile_picture;
diff --git a/src/revert/table_report.sql b/src/revert/table_report.sql
index e0d0e890..df03a553 100644
--- a/src/revert/table_report.sql
+++ b/src/revert/table_report.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_report from pg
-
 BEGIN;
 DROP TABLE maevsi.report;
diff --git a/src/revert/table_report_policy.sql b/src/revert/table_report_policy.sql
index 219fe50f..b90b8742 100644
--- a/src/revert/table_report_policy.sql
+++ b/src/revert/table_report_policy.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_report_policy from pg
-
 BEGIN;
 DROP POLICY report_select ON maevsi.report;
diff --git a/src/revert/table_upload.sql b/src/revert/table_upload.sql
index 0028f82b..a6066f5b 100644
--- a/src/revert/table_upload.sql
+++ b/src/revert/table_upload.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_upload from pg
-
 BEGIN;
 DROP TABLE maevsi.upload;
diff --git a/src/revert/table_upload_policy.sql b/src/revert/table_upload_policy.sql
index 861f14df..099ad350 100644
--- a/src/revert/table_upload_policy.sql
+++ b/src/revert/table_upload_policy.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:table_upload from pg
-
 BEGIN;
 DROP POLICY upload_delete_using ON maevsi.upload;
diff --git a/src/revert/type_event_unlock_response.sql b/src/revert/type_event_unlock_response.sql
index 469cecda..603be2d2 100644
--- a/src/revert/type_event_unlock_response.sql
+++ b/src/revert/type_event_unlock_response.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:type_event_unlock_response from pg
-
 BEGIN;
 DROP TYPE maevsi.event_unlock_response;
diff --git a/src/revert/type_jwt.sql b/src/revert/type_jwt.sql
index b2712cb4..5625524d 100644
--- a/src/revert/type_jwt.sql
+++ b/src/revert/type_jwt.sql
@@ -1,5 +1,3 @@
--- Revert maevsi:type_jwt from pg
-
 BEGIN;
 DROP TYPE maevsi.jwt;
diff --git a/src/verify/database_grafana.sql b/src/verify/database_grafana.sql
index adda2520..09570d2d 100644
--- a/src/verify/database_grafana.sql
+++ b/src/verify/database_grafana.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:database_grafana on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/enum_achievement_type.sql b/src/verify/enum_achievement_type.sql
index 3401c66c..71b77334 100644
--- a/src/verify/enum_achievement_type.sql
+++ b/src/verify/enum_achievement_type.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:enum_achievement_type on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/enum_event_size.sql b/src/verify/enum_event_size.sql
index aae61f8c..e032368d 100644
--- a/src/verify/enum_event_size.sql
+++ b/src/verify/enum_event_size.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:enum_event_size on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/enum_event_visibility.sql b/src/verify/enum_event_visibility.sql
index 12847236..e7170f43 100644
--- a/src/verify/enum_event_visibility.sql
+++ b/src/verify/enum_event_visibility.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:enum_event_visibility on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/enum_invitation_feedback.sql b/src/verify/enum_invitation_feedback.sql
index 8b2758fb..e4547970 100644
--- a/src/verify/enum_invitation_feedback.sql
+++ b/src/verify/enum_invitation_feedback.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:enum_invitation_feedback on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/enum_invitation_feedback_paper.sql b/src/verify/enum_invitation_feedback_paper.sql
index daa412e3..32ac0c4f 100644
--- a/src/verify/enum_invitation_feedback_paper.sql
+++ b/src/verify/enum_invitation_feedback_paper.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:enum_paper_invitation_feedback on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/enum_social_network.sql b/src/verify/enum_social_network.sql
index 8fc989b4..5c99fe24 100644
--- a/src/verify/enum_social_network.sql
+++ b/src/verify/enum_social_network.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:enum_social_network on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/extension_pgcrypto.sql b/src/verify/extension_pgcrypto.sql
index 4881f191..bbaf6fb3 100644
--- a/src/verify/extension_pgcrypto.sql
+++ b/src/verify/extension_pgcrypto.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:extension_pgcrypto on pg
-
 BEGIN;
 SELECT 1/count(*) FROM pg_extension WHERE extname = 'pgcrypto';
diff --git a/src/verify/function_account_delete.sql b/src/verify/function_account_delete.sql
index bcfdf170..c279ac2d 100644
--- a/src/verify/function_account_delete.sql
+++ b/src/verify/function_account_delete.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_account_delete on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_account_email_address_verification.sql b/src/verify/function_account_email_address_verification.sql
index c5c51024..1a728a76 100644
--- a/src/verify/function_account_email_address_verification.sql
+++ b/src/verify/function_account_email_address_verification.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_account_email_address_verification on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_account_password_change.sql b/src/verify/function_account_password_change.sql
index a65da5c9..9f22f382 100644
--- a/src/verify/function_account_password_change.sql
+++ b/src/verify/function_account_password_change.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_account_password_change on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_account_password_reset.sql b/src/verify/function_account_password_reset.sql
index 1568876b..7d2b239a 100644
--- a/src/verify/function_account_password_reset.sql
+++ b/src/verify/function_account_password_reset.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_account_password_reset on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_account_password_reset_request.sql b/src/verify/function_account_password_reset_request.sql
index 9535b1ca..3abc805b 100644
--- a/src/verify/function_account_password_reset_request.sql
+++ b/src/verify/function_account_password_reset_request.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_account_password_reset_request on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_account_registration.sql b/src/verify/function_account_registration.sql
index 53fe91e0..40559d88 100644
--- a/src/verify/function_account_registration.sql
+++ b/src/verify/function_account_registration.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_account_registration on pg
-
 BEGIN;
 SAVEPOINT function_privileges_for_roles;
diff --git a/src/verify/function_account_registration_refresh.sql b/src/verify/function_account_registration_refresh.sql
index 46f36f4e..1354ff63 100644
--- a/src/verify/function_account_registration_refresh.sql
+++ b/src/verify/function_account_registration_refresh.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_account_registration_refresh on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_account_upload_quota_bytes.sql b/src/verify/function_account_upload_quota_bytes.sql
index 891c3d7b..2f93e90a 100644
--- a/src/verify/function_account_upload_quota_bytes.sql
+++ b/src/verify/function_account_upload_quota_bytes.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_account_upload_quota_bytes on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_achievement_unlock.sql b/src/verify/function_achievement_unlock.sql
index bc89a752..56af53cf 100644
--- a/src/verify/function_achievement_unlock.sql
+++ b/src/verify/function_achievement_unlock.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_achievement_unlock on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_authenticate.sql b/src/verify/function_authenticate.sql
index f5c15f2a..ac60b706 100644
--- a/src/verify/function_authenticate.sql
+++ b/src/verify/function_authenticate.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_authenticate on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_event_delete.sql b/src/verify/function_event_delete.sql
index 2126da0b..6a3b7619 100644
--- a/src/verify/function_event_delete.sql
+++ b/src/verify/function_event_delete.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_event_delete on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_event_invitee_count_maximum.sql b/src/verify/function_event_invitee_count_maximum.sql
index cc5af36a..92cdee9c 100644
--- a/src/verify/function_event_invitee_count_maximum.sql
+++ b/src/verify/function_event_invitee_count_maximum.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_event_invitee_count_maximum on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_event_is_existing.sql b/src/verify/function_event_is_existing.sql
index 85fa741e..a6610129 100644
--- a/src/verify/function_event_is_existing.sql
+++ b/src/verify/function_event_is_existing.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_event_is_existing on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_event_unlock.sql b/src/verify/function_event_unlock.sql
index fcf377fa..8d86751e 100644
--- a/src/verify/function_event_unlock.sql
+++ b/src/verify/function_event_unlock.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_event_unlock on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_events_invited.sql b/src/verify/function_events_invited.sql
index e1c5f6e1..16bf3f48 100644
--- a/src/verify/function_events_invited.sql
+++ b/src/verify/function_events_invited.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_events_invited on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_events_organized.sql b/src/verify/function_events_organized.sql
index b3e778c0..b96438e0 100644
--- a/src/verify/function_events_organized.sql
+++ b/src/verify/function_events_organized.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_events_organized on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_invitation_claim_array.sql b/src/verify/function_invitation_claim_array.sql
index 7e5865c8..2a28bbc7 100644
--- a/src/verify/function_invitation_claim_array.sql
+++ b/src/verify/function_invitation_claim_array.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_invitation_claim_array on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_invitation_contact_ids.sql b/src/verify/function_invitation_contact_ids.sql
index 9a1a30e6..510eb0e3 100644
--- a/src/verify/function_invitation_contact_ids.sql
+++ b/src/verify/function_invitation_contact_ids.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_invitation_contact_ids on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_invite.sql b/src/verify/function_invite.sql
index d3449f73..12b5c2a9 100644
--- a/src/verify/function_invite.sql
+++ b/src/verify/function_invite.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_invite on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_invitee_count.sql b/src/verify/function_invitee_count.sql
index 15c1fa4b..57936144 100644
--- a/src/verify/function_invitee_count.sql
+++ b/src/verify/function_invitee_count.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_invitee_count on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_jwt_refresh.sql b/src/verify/function_jwt_refresh.sql
index 14c5c133..6b7f8861 100644
--- a/src/verify/function_jwt_refresh.sql
+++ b/src/verify/function_jwt_refresh.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_jwt_refresh on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_notification_acknowledge.sql b/src/verify/function_notification_acknowledge.sql
index 19424a4a..dd365c0d 100644
--- a/src/verify/function_notification_acknowledge.sql
+++ b/src/verify/function_notification_acknowledge.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_notification_acknowledge on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_profile_picture_set.sql b/src/verify/function_profile_picture_set.sql
index d900dbf4..2092532c 100644
--- a/src/verify/function_profile_picture_set.sql
+++ b/src/verify/function_profile_picture_set.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_profile_picture_set on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/function_upload_create.sql b/src/verify/function_upload_create.sql
index fd1798ac..c2d531d3 100644
--- a/src/verify/function_upload_create.sql
+++ b/src/verify/function_upload_create.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:function_upload_create on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/index_event_author_username.sql b/src/verify/index_event_author_username.sql
index 4500625e..60cd3893 100644
--- a/src/verify/index_event_author_username.sql
+++ b/src/verify/index_event_author_username.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:index_event_author_account_id on pg
-
 BEGIN;
 SELECT 1/COUNT(*)
diff --git a/src/verify/index_event_group_author_username.sql b/src/verify/index_event_group_author_username.sql
index ac098583..4da705ab 100644
--- a/src/verify/index_event_group_author_username.sql
+++ b/src/verify/index_event_group_author_username.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:index_event_group_author_id on pg
-
 BEGIN;
 SELECT 1/COUNT(*)
diff --git a/src/verify/index_event_grouping_event_group_id.sql b/src/verify/index_event_grouping_event_group_id.sql
index a67fffb8..83673658 100644
--- a/src/verify/index_event_grouping_event_group_id.sql
+++ b/src/verify/index_event_grouping_event_group_id.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:index_event_grouping_event_group_id on pg
-
 BEGIN;
 SELECT 1/COUNT(*)
diff --git a/src/verify/index_event_grouping_event_id.sql b/src/verify/index_event_grouping_event_id.sql
index 575865a4..cc2fea40 100644
--- a/src/verify/index_event_grouping_event_id.sql
+++ b/src/verify/index_event_grouping_event_id.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:index_event_grouping_event_id on pg
-
 BEGIN;
 SELECT 1/COUNT(*)
diff --git a/src/verify/index_invitation_contact_id.sql b/src/verify/index_invitation_contact_id.sql
index 09eb6d39..3fea6688 100644
--- a/src/verify/index_invitation_contact_id.sql
+++ b/src/verify/index_invitation_contact_id.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:index_invitation_contact_id on pg
-
 BEGIN;
 SELECT 1/COUNT(*)
diff --git a/src/verify/index_invitation_event_id.sql b/src/verify/index_invitation_event_id.sql
index 470f05f6..de8bf56b 100644
--- a/src/verify/index_invitation_event_id.sql
+++ b/src/verify/index_invitation_event_id.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:index_invitation_event_id on pg
-
 BEGIN;
 SELECT 1/COUNT(*)
diff --git a/src/verify/privilege_execute_revoke.sql b/src/verify/privilege_execute_revoke.sql
index ad667cdd..fd7666be 100644
--- a/src/verify/privilege_execute_revoke.sql
+++ b/src/verify/privilege_execute_revoke.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:privilege_execute_revoke on pg
-
 BEGIN;
 -- XXX Add verifications here.
diff --git a/src/verify/role_account.sql b/src/verify/role_account.sql
index 10bbc3c9..ab7f3703 100644
--- a/src/verify/role_account.sql
+++ b/src/verify/role_account.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:role_account on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/role_anonymous.sql b/src/verify/role_anonymous.sql
index 36579de2..d0761647 100644
--- a/src/verify/role_anonymous.sql
+++ b/src/verify/role_anonymous.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:role_anonymous on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/role_grafana.sql b/src/verify/role_grafana.sql
index 6515b1ca..5ed4f2ea 100644
--- a/src/verify/role_grafana.sql
+++ b/src/verify/role_grafana.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:role_grafana on pg
-
 \connect grafana
 BEGIN;
diff --git a/src/verify/role_postgraphile.sql b/src/verify/role_postgraphile.sql
index bfac7d85..37885e49 100644
--- a/src/verify/role_postgraphile.sql
+++ b/src/verify/role_postgraphile.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:role_postgraphile on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/role_tusd.sql b/src/verify/role_tusd.sql
index b40da8a5..9fbd834a 100644
--- a/src/verify/role_tusd.sql
+++ b/src/verify/role_tusd.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:role_tusd on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/schema_private.sql b/src/verify/schema_private.sql
index 29010006..be764224 100644
--- a/src/verify/schema_private.sql
+++ b/src/verify/schema_private.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:schema_private on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/schema_public.sql b/src/verify/schema_public.sql
index 885898c6..9310de70 100644
--- a/src/verify/schema_public.sql
+++ b/src/verify/schema_public.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:schema_public on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/table_account_preference_event_size.sql b/src/verify/table_account_preference_event_size.sql
index 55553a50..ed94b88e 100644
--- a/src/verify/table_account_preference_event_size.sql
+++ b/src/verify/table_account_preference_event_size.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:table_account_preference_event_size on pg
-
 BEGIN;
 SELECT account_id,
diff --git a/src/verify/table_account_preference_event_size_policy.sql b/src/verify/table_account_preference_event_size_policy.sql
index 3de84ac7..a4ad4882 100644
--- a/src/verify/table_account_preference_event_size_policy.sql
+++ b/src/verify/table_account_preference_event_size_policy.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:table_account_preference_event_size_policy on pg
-
 BEGIN;
 DO $$
diff --git a/src/verify/table_account_private.sql b/src/verify/table_account_private.sql
index 163c27c6..173df64e 100644
--- a/src/verify/table_account_private.sql
+++ b/src/verify/table_account_private.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:table_account_private on pg
-
 BEGIN;
 SELECT id,
diff --git a/src/verify/table_account_public.sql b/src/verify/table_account_public.sql
index 470a92e8..4ea4c773 100644
--- a/src/verify/table_account_public.sql
+++ b/src/verify/table_account_public.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:table_account_public on pg
-
 BEGIN;
 SELECT id,
diff --git a/src/verify/table_account_social_network.sql b/src/verify/table_account_social_network.sql
index 0bef8657..eab2abfe 100644
--- a/src/verify/table_account_social_network.sql
+++ b/src/verify/table_account_social_network.sql
@@ -1,5 +1,3 @@
--- Verify maevsi:table_account_social_network on pg
-
 BEGIN;
 SELECT
diff --git a/src/verify/table_account_social_network_policy.sql b/src/verify/table_account_social_network_policy.sql index 76fe0032..c7395552 100644 --- a/src/verify/table_account_social_network_policy.sql +++ b/src/verify/table_account_social_network_policy.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_account_social_network_policy on pg - BEGIN; SAVEPOINT select_account; diff --git a/src/verify/table_achievement.sql b/src/verify/table_achievement.sql index 6fd3de9e..d43b5e0f 100644 --- a/src/verify/table_achievement.sql +++ b/src/verify/table_achievement.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_achievement on pg - BEGIN; SELECT id, diff --git a/src/verify/table_achievement_code.sql b/src/verify/table_achievement_code.sql index e2253338..2e513b89 100644 --- a/src/verify/table_achievement_code.sql +++ b/src/verify/table_achievement_code.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_achievement_code on pg - BEGIN; SELECT id, diff --git a/src/verify/table_contact.sql b/src/verify/table_contact.sql index c3024cd6..30f466cd 100644 --- a/src/verify/table_contact.sql +++ b/src/verify/table_contact.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_contact on pg - BEGIN; SELECT id, diff --git a/src/verify/table_contact_policy.sql b/src/verify/table_contact_policy.sql index c4fb93e8..774dedca 100644 --- a/src/verify/table_contact_policy.sql +++ b/src/verify/table_contact_policy.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_contact_policy on pg - BEGIN; DO $$ diff --git a/src/verify/table_event.sql b/src/verify/table_event.sql index bb273324..d1ed2cca 100644 --- a/src/verify/table_event.sql +++ b/src/verify/table_event.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_event on pg - BEGIN; SELECT id, diff --git a/src/verify/table_event_group.sql b/src/verify/table_event_group.sql index 58d12615..12cac672 100644 --- a/src/verify/table_event_group.sql +++ b/src/verify/table_event_group.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_event_group on pg - BEGIN; SELECT id, 
diff --git a/src/verify/table_event_grouping.sql b/src/verify/table_event_grouping.sql index 7862644e..ea13c2ca 100644 --- a/src/verify/table_event_grouping.sql +++ b/src/verify/table_event_grouping.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_event_grouping on pg - BEGIN; SELECT id, diff --git a/src/verify/table_event_policy.sql b/src/verify/table_event_policy.sql index 7b9ecd53..28c83f1d 100644 --- a/src/verify/table_event_policy.sql +++ b/src/verify/table_event_policy.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_event_policy on pg - BEGIN; DO $$ diff --git a/src/verify/table_invitation.sql b/src/verify/table_invitation.sql index 294c1043..d9648f6b 100644 --- a/src/verify/table_invitation.sql +++ b/src/verify/table_invitation.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_invitation on pg - BEGIN; SELECT id, diff --git a/src/verify/table_invitation_policy.sql b/src/verify/table_invitation_policy.sql index 930fe347..02b8f540 100644 --- a/src/verify/table_invitation_policy.sql +++ b/src/verify/table_invitation_policy.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_invitation_policy on pg - BEGIN; DO $$ diff --git a/src/verify/table_jwt.sql b/src/verify/table_jwt.sql index 7446ef84..9c8c8ebc 100644 --- a/src/verify/table_jwt.sql +++ b/src/verify/table_jwt.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_jwt on pg - BEGIN; SELECT id, diff --git a/src/verify/table_legal_term.sql b/src/verify/table_legal_term.sql index 48e1d77d..c455c1e3 100644 --- a/src/verify/table_legal_term.sql +++ b/src/verify/table_legal_term.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_legal_term on pg - BEGIN; SELECT id, diff --git a/src/verify/table_legal_term_acceptance.sql b/src/verify/table_legal_term_acceptance.sql index 1e663476..7784a84d 100644 --- a/src/verify/table_legal_term_acceptance.sql +++ b/src/verify/table_legal_term_acceptance.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_legal_term_acceptance on pg - BEGIN; SELECT id, 
diff --git a/src/verify/table_notification.sql b/src/verify/table_notification.sql index b5958612..5577bb9f 100644 --- a/src/verify/table_notification.sql +++ b/src/verify/table_notification.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_notification on pg - BEGIN; SELECT id, diff --git a/src/verify/table_profile_picture.sql b/src/verify/table_profile_picture.sql index fb6f12a2..e8cba816 100644 --- a/src/verify/table_profile_picture.sql +++ b/src/verify/table_profile_picture.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_profile_picture on pg - BEGIN; SELECT id, diff --git a/src/verify/table_report.sql b/src/verify/table_report.sql index 39981d66..f45f9c5e 100644 --- a/src/verify/table_report.sql +++ b/src/verify/table_report.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_report on pg - BEGIN; SELECT id, diff --git a/src/verify/table_report_policy.sql b/src/verify/table_report_policy.sql index 660f426a..bc124fa9 100644 --- a/src/verify/table_report_policy.sql +++ b/src/verify/table_report_policy.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_report_policy on pg - BEGIN; DO $$ diff --git a/src/verify/table_upload.sql b/src/verify/table_upload.sql index 03dbfc40..30bbb956 100644 --- a/src/verify/table_upload.sql +++ b/src/verify/table_upload.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_upload on pg - BEGIN; SELECT id, diff --git a/src/verify/table_upload_policy.sql b/src/verify/table_upload_policy.sql index 35def160..6d5fa077 100644 --- a/src/verify/table_upload_policy.sql +++ b/src/verify/table_upload_policy.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_upload on pg - BEGIN; DO $$ diff --git a/src/verify/type_event_unlock_response.sql b/src/verify/type_event_unlock_response.sql index 0c581533..db3cb1ee 100644 --- a/src/verify/type_event_unlock_response.sql +++ b/src/verify/type_event_unlock_response.sql @@ -1,5 +1,3 @@ --- Verify maevsi:type_event_unlock_response on pg - BEGIN; DO $$ diff --git a/src/verify/type_jwt.sql b/src/verify/type_jwt.sql index b2f62e9a..e5526fd6 100644 
--- a/src/verify/type_jwt.sql +++ b/src/verify/type_jwt.sql @@ -1,5 +1,3 @@ --- Verify maevsi:type_jwt on pg - BEGIN; DO $$ From 03c047d36b6ae67f6c05efcc3ed596ebb906e481 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Thu, 12 Dec 2024 04:28:10 +0100 Subject: [PATCH 067/105] refactor: use standardized timestamp notation --- schema/schema.definition.sql | 22 +++++++++---------- ...ion_account_email_address_verification.sql | 2 +- .../function_account_password_reset.sql | 2 +- src/deploy/function_account_registration.sql | 2 +- src/deploy/function_authenticate.sql | 2 +- src/deploy/function_jwt_refresh.sql | 4 ++-- src/deploy/table_account_private.sql | 8 +++---- src/deploy/table_notification.sql | 2 +- 8 files changed, 22 insertions(+), 22 deletions(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 15f89380..04c2b81d 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -277,7 +277,7 @@ BEGIN RAISE 'Unknown verification code!' USING ERRCODE = 'no_data_found'; END IF; - IF (_account.email_address_verification_valid_until < NOW()) THEN + IF (_account.email_address_verification_valid_until < CURRENT_TIMESTAMP) THEN RAISE 'Verification code expired!' USING ERRCODE = 'object_not_in_prerequisite_state'; END IF; @@ -354,7 +354,7 @@ BEGIN RAISE 'Unknown reset code!' USING ERRCODE = 'no_data_found'; END IF; - IF (_account.password_reset_verification_valid_until < NOW()) THEN + IF (_account.password_reset_verification_valid_until < CURRENT_TIMESTAMP) THEN RAISE 'Reset code expired!' USING ERRCODE = 'object_not_in_prerequisite_state'; END IF; 
@@ -449,7 +449,7 @@ BEGIN END IF; INSERT INTO maevsi_private.account(email_address, password_hash, last_activity) VALUES - (account_registration.email_address, maevsi.crypt(account_registration.password, maevsi.gen_salt('bf')), NOW()) + (account_registration.email_address, maevsi.crypt(account_registration.password, maevsi.gen_salt('bf')), CURRENT_TIMESTAMP) RETURNING * INTO _new_account_private; INSERT INTO maevsi.account(id, username) VALUES @@ -621,7 +621,7 @@ CREATE FUNCTION maevsi.authenticate(username text, password text) RETURNS maevsi DECLARE _account_id UUID; _jwt_id UUID := gen_random_uuid(); - _jwt_exp BIGINT := EXTRACT(EPOCH FROM ((SELECT date_trunc('second', NOW()::TIMESTAMP)) + COALESCE(current_setting('maevsi.jwt_expiry_duration', true), '1 day')::INTERVAL)); + _jwt_exp BIGINT := EXTRACT(EPOCH FROM ((SELECT date_trunc('second', CURRENT_TIMESTAMP::TIMESTAMP)) + COALESCE(current_setting('maevsi.jwt_expiry_duration', true), '1 day')::INTERVAL)); _jwt maevsi.jwt; BEGIN IF ($1 = '' AND $2 = '') THEN @@ -1195,7 +1195,7 @@ CREATE FUNCTION maevsi.jwt_refresh(jwt_id uuid) RETURNS maevsi.jwt LANGUAGE plpgsql STRICT SECURITY DEFINER AS $_$ DECLARE - _epoch_now BIGINT := EXTRACT(EPOCH FROM (SELECT date_trunc('second', NOW()::TIMESTAMP))); + _epoch_now BIGINT := EXTRACT(EPOCH FROM (SELECT date_trunc('second', CURRENT_TIMESTAMP::TIMESTAMP))); _jwt maevsi.jwt; BEGIN SELECT (token).id, (token).account_id, (token).account_username, (token)."exp", (token).invitations, (token).role INTO _jwt @@ -1207,7 +1207,7 @@ BEGIN RETURN NULL; ELSE UPDATE maevsi_private.jwt - SET token.exp = EXTRACT(EPOCH FROM ((SELECT date_trunc('second', NOW()::TIMESTAMP)) + COALESCE(current_setting('maevsi.jwt_expiry_duration', true), '1 day')::INTERVAL)) + SET token.exp = EXTRACT(EPOCH FROM ((SELECT date_trunc('second', CURRENT_TIMESTAMP::TIMESTAMP)) + COALESCE(current_setting('maevsi.jwt_expiry_duration', true), '1 day')::INTERVAL)) WHERE id = $1; UPDATE maevsi_private.account 
@@ -1502,7 +1502,7 @@ CREATE FUNCTION maevsi_private.account_email_address_verification_valid_until() NEW.email_address_verification_valid_until = NULL; ELSE IF ((OLD IS NULL) OR (OLD.email_address_verification IS DISTINCT FROM NEW.email_address_verification)) THEN - NEW.email_address_verification_valid_until = (SELECT (NOW() + INTERVAL '1 day')::TIMESTAMP); + NEW.email_address_verification_valid_until = (SELECT (CURRENT_TIMESTAMP + INTERVAL '1 day')::TIMESTAMP); END IF; END IF; @@ -1532,7 +1532,7 @@ CREATE FUNCTION maevsi_private.account_password_reset_verification_valid_until() NEW.password_reset_verification_valid_until = NULL; ELSE IF ((OLD IS NULL) OR (OLD.password_reset_verification IS DISTINCT FROM NEW.password_reset_verification)) THEN - NEW.password_reset_verification_valid_until = (SELECT (NOW() + INTERVAL '2 hours')::TIMESTAMP); + NEW.password_reset_verification_valid_until = (SELECT (CURRENT_TIMESTAMP + INTERVAL '2 hours')::TIMESTAMP); END IF; END IF; @@ -2273,11 +2273,11 @@ COMMENT ON CONSTRAINT report_reason_check ON maevsi.report IS 'Ensures the reaso CREATE TABLE maevsi_private.account ( id uuid DEFAULT gen_random_uuid() NOT NULL, birth_date date, - created timestamp without time zone DEFAULT now() NOT NULL, + created timestamp without time zone DEFAULT CURRENT_TIMESTAMP NOT NULL, email_address text NOT NULL, email_address_verification uuid DEFAULT gen_random_uuid(), email_address_verification_valid_until timestamp without time zone, - last_activity timestamp without time zone DEFAULT now() NOT NULL, + last_activity timestamp without time zone DEFAULT CURRENT_TIMESTAMP NOT NULL, password_hash text NOT NULL, password_reset_verification uuid, password_reset_verification_valid_until timestamp without time zone, 
@@ -2456,7 +2456,7 @@ CREATE TABLE maevsi_private.notification ( channel text NOT NULL, is_acknowledged boolean, payload text NOT NULL, - "timestamp" timestamp with time zone DEFAULT now() NOT NULL, + "timestamp" timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL, CONSTRAINT notification_payload_check CHECK ((octet_length(payload) <= 8000)) ); diff --git a/src/deploy/function_account_email_address_verification.sql b/src/deploy/function_account_email_address_verification.sql index febace8f..a211fc2b 100644 --- a/src/deploy/function_account_email_address_verification.sql +++ b/src/deploy/function_account_email_address_verification.sql @@ -15,7 +15,7 @@ BEGIN RAISE 'Unknown verification code!' USING ERRCODE = 'no_data_found'; END IF; - IF (_account.email_address_verification_valid_until < NOW()) THEN + IF (_account.email_address_verification_valid_until < CURRENT_TIMESTAMP) THEN RAISE 'Verification code expired!' USING ERRCODE = 'object_not_in_prerequisite_state'; END IF; diff --git a/src/deploy/function_account_password_reset.sql b/src/deploy/function_account_password_reset.sql index e77afce2..44b2e706 100644 --- a/src/deploy/function_account_password_reset.sql +++ b/src/deploy/function_account_password_reset.sql @@ -20,7 +20,7 @@ BEGIN RAISE 'Unknown reset code!' USING ERRCODE = 'no_data_found'; END IF; - IF (_account.password_reset_verification_valid_until < NOW()) THEN + IF (_account.password_reset_verification_valid_until < CURRENT_TIMESTAMP) THEN RAISE 'Reset code expired!' USING ERRCODE = 'object_not_in_prerequisite_state'; END IF; diff --git a/src/deploy/function_account_registration.sql b/src/deploy/function_account_registration.sql index 44ff8acb..e1c19019 100644 --- a/src/deploy/function_account_registration.sql +++ b/src/deploy/function_account_registration.sql 
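Review bot: The expiry check `IF (_account.email_address_verification_valid_until < CURRENT_TIMESTAMP) THEN` compares a `TIMESTAMP` without time zone against a timestamptz, so the outcome depends on the session `TimeZone` when the value is written and again when it is read. The same applies to the password-reset check in function_account_password_reset.sql and to the trigger assignments in table_account_private.sql, which cast with `::TIMESTAMP`. If two sessions ever run with different `TimeZone` settings, or a code is issued around a DST change, the 1 day / 2 hours validity window shifts by the offset, which matters most for the password-reset code. Declaring both `*_valid_until` columns as `TIMESTAMP WITH TIME ZONE` and assigning `CURRENT_TIMESTAMP + INTERVAL '2 hours'` without the cast would remove that dependency. Both function bodies start and end outside their hunks.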
@@ -24,7 +24,7 @@ BEGIN END IF; INSERT INTO maevsi_private.account(email_address, password_hash, last_activity) VALUES - (account_registration.email_address, maevsi.crypt(account_registration.password, maevsi.gen_salt('bf')), NOW()) + (account_registration.email_address, maevsi.crypt(account_registration.password, maevsi.gen_salt('bf')), CURRENT_TIMESTAMP) RETURNING * INTO _new_account_private; INSERT INTO maevsi.account(id, username) VALUES diff --git a/src/deploy/function_authenticate.sql b/src/deploy/function_authenticate.sql index c8e24e25..9d9e15df 100644 --- a/src/deploy/function_authenticate.sql +++ b/src/deploy/function_authenticate.sql @@ -7,7 +7,7 @@ CREATE FUNCTION maevsi.authenticate( DECLARE _account_id UUID; _jwt_id UUID := gen_random_uuid(); - _jwt_exp BIGINT := EXTRACT(EPOCH FROM ((SELECT date_trunc('second', NOW()::TIMESTAMP)) + COALESCE(current_setting('maevsi.jwt_expiry_duration', true), '1 day')::INTERVAL)); + _jwt_exp BIGINT := EXTRACT(EPOCH FROM ((SELECT date_trunc('second', CURRENT_TIMESTAMP::TIMESTAMP)) + COALESCE(current_setting('maevsi.jwt_expiry_duration', true), '1 day')::INTERVAL)); _jwt maevsi.jwt; BEGIN IF ($1 = '' AND $2 = '') THEN diff --git a/src/deploy/function_jwt_refresh.sql b/src/deploy/function_jwt_refresh.sql index 77af1dd7..824f642d 100644 --- a/src/deploy/function_jwt_refresh.sql +++ b/src/deploy/function_jwt_refresh.sql @@ -4,7 +4,7 @@ CREATE FUNCTION maevsi.jwt_refresh( jwt_id UUID ) RETURNS maevsi.jwt AS $$ DECLARE - _epoch_now BIGINT := EXTRACT(EPOCH FROM (SELECT date_trunc('second', NOW()::TIMESTAMP))); + _epoch_now BIGINT := EXTRACT(EPOCH FROM (SELECT date_trunc('second', CURRENT_TIMESTAMP::TIMESTAMP))); _jwt maevsi.jwt; BEGIN SELECT (token).id, (token).account_id, (token).account_username, (token)."exp", (token).invitations, (token).role INTO _jwt 
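Review bot: `maevsi.gen_salt('bf')` on the INSERT line is called without an iteration count, and pgcrypto's default for Blowfish is 6, which is low for password storage on current hardware (assuming `maevsi.gen_salt` is the pgcrypto function installed into that schema). Passing an explicit cost, for example `maevsi.gen_salt('bf', 12)`, tuned to the login latency you can accept, would raise the work factor. Existing hashes keep verifying because the cost is stored in the hash itself. The same call appears in the schema dump hunk for `account_registration`; the function body continues outside this hunk.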
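Review bot: `_jwt_exp` is computed from `CURRENT_TIMESTAMP::TIMESTAMP`, and `EXTRACT(EPOCH FROM ...)` on a timestamp without time zone returns nominal seconds with no regard to the zone, so the `exp` claim is a true Unix time only when the session `TimeZone` is UTC. With any other setting the token's lifetime is lengthened or shortened by the UTC offset relative to what a verifier of the JWT expects. Keeping the value as timestamptz avoids this: `_jwt_exp BIGINT := EXTRACT(EPOCH FROM date_trunc('second', CURRENT_TIMESTAMP) + COALESCE(current_setting('maevsi.jwt_expiry_duration', true), '1 day')::INTERVAL);`. The `_epoch_now` declaration and the `SET token.exp = ...` update in function_jwt_refresh.sql use the same cast and need the same change; the function bodies extend beyond the hunks.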
@@ -16,7 +16,7 @@ BEGIN RETURN NULL; ELSE UPDATE maevsi_private.jwt - SET token.exp = EXTRACT(EPOCH FROM ((SELECT date_trunc('second', NOW()::TIMESTAMP)) + COALESCE(current_setting('maevsi.jwt_expiry_duration', true), '1 day')::INTERVAL)) + SET token.exp = EXTRACT(EPOCH FROM ((SELECT date_trunc('second', CURRENT_TIMESTAMP::TIMESTAMP)) + COALESCE(current_setting('maevsi.jwt_expiry_duration', true), '1 day')::INTERVAL)) WHERE id = $1; UPDATE maevsi_private.account diff --git a/src/deploy/table_account_private.sql b/src/deploy/table_account_private.sql index 1ed7e1d5..b79c2f61 100644 --- a/src/deploy/table_account_private.sql +++ b/src/deploy/table_account_private.sql @@ -4,11 +4,11 @@ CREATE TABLE maevsi_private.account ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), birth_date DATE, -- TODO: evaluate if this should be `NOT NULL` for all new accounts - created TIMESTAMP NOT NULL DEFAULT NOW(), + created TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, email_address TEXT NOT NULL CHECK (char_length(email_address) < 255) UNIQUE, -- no regex check as "a valid email address is one that you can send emails to" (http://www.dominicsayers.com/isemail/) email_address_verification UUID DEFAULT gen_random_uuid(), email_address_verification_valid_until TIMESTAMP, - last_activity TIMESTAMP NOT NULL DEFAULT NOW(), + last_activity TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, password_hash TEXT NOT NULL, password_reset_verification UUID, password_reset_verification_valid_until TIMESTAMP, @@ -34,7 +34,7 @@ CREATE FUNCTION maevsi_private.account_email_address_verification_valid_until() NEW.email_address_verification_valid_until = NULL; ELSE IF ((OLD IS NULL) OR (OLD.email_address_verification IS DISTINCT FROM NEW.email_address_verification)) THEN - NEW.email_address_verification_valid_until = (SELECT (NOW() + INTERVAL '1 day')::TIMESTAMP); + NEW.email_address_verification_valid_until = (SELECT (CURRENT_TIMESTAMP + INTERVAL '1 day')::TIMESTAMP); END IF; END IF; 
@@ -52,7 +52,7 @@ CREATE FUNCTION maevsi_private.account_password_reset_verification_valid_until() NEW.password_reset_verification_valid_until = NULL; ELSE IF ((OLD IS NULL) OR (OLD.password_reset_verification IS DISTINCT FROM NEW.password_reset_verification)) THEN - NEW.password_reset_verification_valid_until = (SELECT (NOW() + INTERVAL '2 hours')::TIMESTAMP); + NEW.password_reset_verification_valid_until = (SELECT (CURRENT_TIMESTAMP + INTERVAL '2 hours')::TIMESTAMP); END IF; END IF; diff --git a/src/deploy/table_notification.sql b/src/deploy/table_notification.sql index 3d92dac1..ba24446b 100644 --- a/src/deploy/table_notification.sql +++ b/src/deploy/table_notification.sql @@ -5,7 +5,7 @@ CREATE TABLE maevsi_private.notification ( channel TEXT NOT NULL, is_acknowledged BOOLEAN, payload TEXT NOT NULL CHECK (octet_length(payload) <= 8000), - "timestamp" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW() + "timestamp" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP ); COMMENT ON TABLE maevsi_private.notification IS 'A notification.'; From 76a1465f219c4c0171aafcac1bbbac16580d9691 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Thu, 12 Dec 2024 05:11:20 +0100 Subject: [PATCH 068/105] feat: add language enumeration --- schema/schema.definition.sql | 19 +++++++++++++++++++ src/deploy/enum_language.sql | 10 ++++++++++ src/revert/enum_language.sql | 5 +++++ src/sqitch.plan | 1 + src/verify/enum_language.sql | 8 ++++++++ 5 files changed, 43 insertions(+) create mode 100644 src/deploy/enum_language.sql create mode 100644 src/revert/enum_language.sql create mode 100644 src/verify/enum_language.sql diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 04c2b81d..8fbcbbe2 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
@@ -203,6 +203,25 @@ ALTER TYPE maevsi.invitation_feedback_paper OWNER TO postgres; COMMENT ON TYPE maevsi.invitation_feedback_paper IS 'Possible choices on how to receive a paper invitation: none, paper, digital.'; +-- +-- Name: language; Type: TYPE; Schema: maevsi; Owner: postgres +-- + +CREATE TYPE maevsi.language AS ENUM ( + 'de', + 'en' +); + + +ALTER TYPE maevsi.language OWNER TO postgres; + +-- +-- Name: TYPE language; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON TYPE maevsi.language IS 'Supported ISO 639 language codes.'; + + -- -- Name: social_network; Type: TYPE; Schema: maevsi; Owner: postgres -- diff --git a/src/deploy/enum_language.sql b/src/deploy/enum_language.sql new file mode 100644 index 00000000..56e7c109 --- /dev/null +++ b/src/deploy/enum_language.sql @@ -0,0 +1,10 @@ +BEGIN; + +CREATE TYPE maevsi.language AS ENUM ( + 'de', + 'en' +); + +COMMENT ON TYPE maevsi.language IS 'Supported ISO 639 language codes.'; + +COMMIT; diff --git a/src/revert/enum_language.sql b/src/revert/enum_language.sql new file mode 100644 index 00000000..328d537b --- /dev/null +++ b/src/revert/enum_language.sql @@ -0,0 +1,5 @@ +BEGIN; + +DROP TYPE maevsi.language; + +COMMIT; diff --git a/src/sqitch.plan b/src/sqitch.plan index 2e8f9715..f67292b6 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan 
@@ -75,3 +75,4 @@ table_account_social_network_policy [schema_public table_account_social_network enum_event_size [schema_public] 1970-01-01T00:00:00Z Sven Thelemann # Possible event sizes: small, medium, large, huge. table_account_preference_event_size [schema_public table_account_public enum_event_size] 1970-01-01T00:00:00Z Sven Thelemann # Table for the user accounts' preferred event sizes (M:N relationship). table_account_preference_event_size_policy [schema_public table_account_preference_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. +enum_language [schema_public] 1970-01-01T00:00:00Z Jonas Thelemann # Supported ISO 639 language codes. diff --git a/src/verify/enum_language.sql b/src/verify/enum_language.sql new file mode 100644 index 00000000..56726d96 --- /dev/null +++ b/src/verify/enum_language.sql @@ -0,0 +1,8 @@ +BEGIN; + +DO $$ +BEGIN + ASSERT (SELECT pg_catalog.has_type_privilege('maevsi.language', 'USAGE')); +END $$; + +ROLLBACK; From 7da87052a017959e3af6fdb641cd693645585b2e Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Thu, 12 Dec 2024 05:13:13 +0100 Subject: [PATCH 069/105] chore(contact): align formatting --- src/deploy/table_contact.sql | 6 ++++-- src/verify/table_contact.sql | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/deploy/table_contact.sql b/src/deploy/table_contact.sql index f39d08ec..e40ffce7 100644 --- a/src/deploy/table_contact.sql +++ b/src/deploy/table_contact.sql 
@@ -2,15 +2,17 @@ BEGIN; CREATE TABLE maevsi.contact ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + account_id UUID REFERENCES maevsi.account(id), - "address" TEXT CHECK (char_length("address") > 0 AND char_length("address") < 300), + address TEXT CHECK (char_length("address") > 0 AND char_length("address") < 300), author_account_id UUID NOT NULL REFERENCES maevsi.account(id) ON DELETE CASCADE, email_address TEXT CHECK (char_length(email_address) < 255), -- no regex check as "a valid email address is one that you can send emails to" (http://www.dominicsayers.com/isemail/) email_address_hash TEXT GENERATED ALWAYS AS (md5(lower(substring(email_address, '\S(?:.*\S)*')))) STORED, -- for gravatar profile pictures first_name TEXT CHECK (char_length(first_name) > 0 AND char_length(first_name) < 100), last_name TEXT CHECK (char_length(last_name) > 0 AND char_length(last_name) < 100), phone_number TEXT CHECK (phone_number ~ '^\+(?:[0-9] ?){6,14}[0-9]$'), -- E.164 format (https://wikipedia.org/wiki/E.164) - "url" TEXT CHECK (char_length("url") < 300 AND "url" ~ '^https:\/\/'), + url TEXT CHECK (char_length("url") < 300 AND "url" ~ '^https:\/\/'), + UNIQUE (author_account_id, account_id) ); diff --git a/src/verify/table_contact.sql b/src/verify/table_contact.sql index 30f466cd..893e61cc 100644 --- a/src/verify/table_contact.sql +++ b/src/verify/table_contact.sql @@ -2,14 +2,14 @@ BEGIN; SELECT id, account_id, - "address", + address, author_account_id, email_address, email_address_hash, first_name, last_name, phone_number, - "url" + url FROM maevsi.contact WHERE FALSE; ROLLBACK; From 669570f6322aa8ad971990b2de9fcf8afdf14007 Mon Sep 17 00:00:00 2001 
From: Jonas Thelemann Date: Thu, 12 Dec 2024 05:19:15 +0100 Subject: [PATCH 070/105] feat(contact): add language Resolves https://github.com/maevsi/sqitch/issues/7 --- schema/schema.definition.sql | 8 ++++++++ src/deploy/table_contact.sql | 2 ++ src/sqitch.plan | 4 ++-- src/verify/table_contact.sql | 1 + 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 8fbcbbe2..b525eb89 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -1776,6 +1776,7 @@ CREATE TABLE maevsi.contact ( email_address text, email_address_hash text GENERATED ALWAYS AS (md5(lower("substring"(email_address, '\S(?:.*\S)*'::text)))) STORED, first_name text, + language maevsi.language, last_name text, phone_number text, url text, @@ -1848,6 +1849,13 @@ The contact''s email address''s md5 hash.'; COMMENT ON COLUMN maevsi.contact.first_name IS 'The contact''s first name.'; +-- +-- Name: COLUMN contact.language; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.contact.language IS 'The contact''s language.'; + + -- -- Name: COLUMN contact.last_name; Type: COMMENT; Schema: maevsi; Owner: postgres -- diff --git a/src/deploy/table_contact.sql b/src/deploy/table_contact.sql index e40ffce7..f8601e01 100644 --- a/src/deploy/table_contact.sql +++ b/src/deploy/table_contact.sql 
@@ -9,6 +9,7 @@ CREATE TABLE maevsi.contact ( email_address TEXT CHECK (char_length(email_address) < 255), -- no regex check as "a valid email address is one that you can send emails to" (http://www.dominicsayers.com/isemail/) email_address_hash TEXT GENERATED ALWAYS AS (md5(lower(substring(email_address, '\S(?:.*\S)*')))) STORED, -- for gravatar profile pictures first_name TEXT CHECK (char_length(first_name) > 0 AND char_length(first_name) < 100), + language maevsi.language, last_name TEXT CHECK (char_length(last_name) > 0 AND char_length(last_name) < 100), phone_number TEXT CHECK (phone_number ~ '^\+(?:[0-9] ?){6,14}[0-9]$'), -- E.164 format (https://wikipedia.org/wiki/E.164) url TEXT CHECK (char_length("url") < 300 AND "url" ~ '^https:\/\/'), @@ -24,6 +25,7 @@ COMMENT ON COLUMN maevsi.contact.author_account_id IS 'The contact author''s id. COMMENT ON COLUMN maevsi.contact.email_address IS 'The contact''s email address.'; COMMENT ON COLUMN maevsi.contact.email_address_hash IS E'@omit create,update\nThe contact''s email address''s md5 hash.'; COMMENT ON COLUMN maevsi.contact.first_name IS 'The contact''s first name.'; +COMMENT ON COLUMN maevsi.contact.language IS 'The contact''s language.'; COMMENT ON COLUMN maevsi.contact.last_name IS 'The contact''s last name.'; COMMENT ON COLUMN maevsi.contact.phone_number IS 'The contact''s international phone number.'; COMMENT ON COLUMN maevsi.contact.url IS 'The contact''s website url.'; diff --git a/src/sqitch.plan b/src/sqitch.plan index f67292b6..84194030 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan 
@@ -22,7 +22,8 @@ function_events_organized [privilege_execute_revoke schema_public table_event ro function_invitation_claim_array [privilege_execute_revoke schema_public role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns the current invitation claims as UUID array. index_event_author_username [table_event] 1970-01-01T00:00:00Z Jonas Thelemann # Add an index to the event table's username field. enum_invitation_feedback_paper 1970-01-01T00:00:00Z Jonas Thelemann # Possible choices on how to receive a paper invitation: paper, digital. -table_contact [schema_public role_account role_anonymous table_account_public] 1970-01-01T00:00:00Z Jonas Thelemann # Add table contact. +enum_language [schema_public] 1970-01-01T00:00:00Z Jonas Thelemann # Supported ISO 639 language codes. +table_contact [schema_public enum_language role_account role_anonymous table_account_public] 1970-01-01T00:00:00Z Jonas Thelemann # Add table contact. table_invitation [schema_public table_event table_contact] 1970-01-01T00:00:00Z Jonas Thelemann # Add table invitation. function_events_invited [privilege_execute_revoke schema_private schema_public table_invitation table_contact role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns all event ids for which the invoker is invited. function_invitation_contact_ids [privilege_execute_revoke schema_public table_invitation function_invitation_claim_array function_events_organized role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns all event ids for which the invoker is invited. 
@@ -75,4 +76,3 @@ table_account_social_network_policy [schema_public table_account_social_network enum_event_size [schema_public] 1970-01-01T00:00:00Z Sven Thelemann # Possible event sizes: small, medium, large, huge. table_account_preference_event_size [schema_public table_account_public enum_event_size] 1970-01-01T00:00:00Z Sven Thelemann # Table for the user accounts' preferred event sizes (M:N relationship). table_account_preference_event_size_policy [schema_public table_account_preference_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. -enum_language [schema_public] 1970-01-01T00:00:00Z Jonas Thelemann # Supported ISO 639 language codes. diff --git a/src/verify/table_contact.sql b/src/verify/table_contact.sql index 893e61cc..726dd90a 100644 --- a/src/verify/table_contact.sql +++ b/src/verify/table_contact.sql @@ -7,6 +7,7 @@ SELECT id, email_address, email_address_hash, first_name, + language, last_name, phone_number, url From 8b7169a856b5e81ebb0676ac7de6ce512a83d548 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Thu, 12 Dec 2024 05:19:58 +0100 Subject: [PATCH 071/105] feat(contact): add nickname Resolves https://github.com/maevsi/sqitch/issues/12 --- schema/schema.definition.sql | 9 +++++++++ src/deploy/table_contact.sql | 4 +++- src/verify/table_contact.sql | 1 + 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index b525eb89..2153c8b9 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
@@ -1778,12 +1778,14 @@ CREATE TABLE maevsi.contact ( first_name text, language maevsi.language, last_name text, + nickname text, phone_number text, url text, CONSTRAINT contact_address_check CHECK (((char_length(address) > 0) AND (char_length(address) < 300))), CONSTRAINT contact_email_address_check CHECK ((char_length(email_address) < 255)), CONSTRAINT contact_first_name_check CHECK (((char_length(first_name) > 0) AND (char_length(first_name) < 100))), CONSTRAINT contact_last_name_check CHECK (((char_length(last_name) > 0) AND (char_length(last_name) < 100))), + CONSTRAINT contact_nickname_check CHECK (((char_length(nickname) > 0) AND (char_length(nickname) < 100))), CONSTRAINT contact_phone_number_check CHECK ((phone_number ~ '^\+(?:[0-9] ?){6,14}[0-9]$'::text)), CONSTRAINT contact_url_check CHECK (((char_length(url) < 300) AND (url ~ '^https:\/\/'::text))) ); @@ -1863,6 +1865,13 @@ COMMENT ON COLUMN maevsi.contact.language IS 'The contact''s language.'; COMMENT ON COLUMN maevsi.contact.last_name IS 'The contact''s last name.'; +-- +-- Name: COLUMN contact.nickname; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.contact.nickname IS 'The contact''s nickname.'; + + -- -- Name: COLUMN contact.phone_number; Type: COMMENT; Schema: maevsi; Owner: postgres -- diff --git a/src/deploy/table_contact.sql b/src/deploy/table_contact.sql index f8601e01..85a0c5fa 100644 --- a/src/deploy/table_contact.sql +++ b/src/deploy/table_contact.sql 
@@ -11,6 +11,7 @@ CREATE TABLE maevsi.contact ( first_name TEXT CHECK (char_length(first_name) > 0 AND char_length(first_name) < 100), language maevsi.language, last_name TEXT CHECK (char_length(last_name) > 0 AND char_length(last_name) < 100), + nickname TEXT CHECK (char_length(nickname) > 0 AND char_length(nickname) < 100), phone_number TEXT CHECK (phone_number ~ '^\+(?:[0-9] ?){6,14}[0-9]$'), -- E.164 format (https://wikipedia.org/wiki/E.164) url TEXT CHECK (char_length("url") < 300 AND "url" ~ '^https:\/\/'), @@ -27,7 +28,8 @@ COMMENT ON COLUMN maevsi.contact.email_address_hash IS E'@omit create,update\nTh COMMENT ON COLUMN maevsi.contact.first_name IS 'The contact''s first name.'; COMMENT ON COLUMN maevsi.contact.language IS 'The contact''s language.'; COMMENT ON COLUMN maevsi.contact.last_name IS 'The contact''s last name.'; -COMMENT ON COLUMN maevsi.contact.phone_number IS 'The contact''s international phone number.'; +COMMENT ON COLUMN maevsi.contact.nickname IS 'The contact''s nickname.'; +COMMENT ON COLUMN maevsi.contact.phone_number IS 'The contact''s international phone number in E.164 format (https://wikipedia.org/wiki/E.164).'; COMMENT ON COLUMN maevsi.contact.url IS 'The contact''s website url.'; -- GRANTs, RLS and POLICYs are specified in 'table_contact_policy`. diff --git a/src/verify/table_contact.sql b/src/verify/table_contact.sql index 726dd90a..b4ac5dbf 100644 --- a/src/verify/table_contact.sql +++ b/src/verify/table_contact.sql @@ -9,6 +9,7 @@ SELECT id, first_name, language, last_name, + nickname, phone_number, url FROM maevsi.contact WHERE FALSE; From 02da0f9cdb644ef78c5c6a4b354d2bd968904337 Mon Sep 17 00:00:00 2001 
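Review bot: The reworded `phone_number` column comment in the `@@ -27,7 +28,8 @@` hunk of src/deploy/table_contact.sql promises E.164 format, but the CHECK shown as context in the `@@ -11,6 +11,7 @@` hunk (`'^\+(?:[0-9] ?){6,14}[0-9]$'`) also accepts a single space after each digit and a leading `0`, neither of which E.164 allows. Code that trusts the comment when de-duplicating contacts or passing numbers to a telephony provider would receive non-canonical values. Either describe what is actually accepted, e.g. `'The contact''s international phone number: E.164 digits, optional single spaces between digits.'`, or normalise the value before it is stored.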
From: Jonas Thelemann Date: Thu, 12 Dec 2024 05:21:17 +0100 Subject: [PATCH 072/105] feat(contact): add timezone Resolves https://github.com/maevsi/sqitch/issues/19 --- schema/schema.definition.sql | 11 ++++++++++- src/deploy/table_contact.sql | 2 ++ src/verify/table_contact.sql | 1 + 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 2153c8b9..459b9fc8 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -1780,6 +1780,7 @@ CREATE TABLE maevsi.contact ( last_name text, nickname text, phone_number text, + timezone text, url text, CONSTRAINT contact_address_check CHECK (((char_length(address) > 0) AND (char_length(address) < 300))), CONSTRAINT contact_email_address_check CHECK ((char_length(email_address) < 255)), @@ -1787,6 +1788,7 @@ CREATE TABLE maevsi.contact ( CONSTRAINT contact_last_name_check CHECK (((char_length(last_name) > 0) AND (char_length(last_name) < 100))), CONSTRAINT contact_nickname_check CHECK (((char_length(nickname) > 0) AND (char_length(nickname) < 100))), CONSTRAINT contact_phone_number_check CHECK ((phone_number ~ '^\+(?:[0-9] ?){6,14}[0-9]$'::text)), + CONSTRAINT contact_timezone_check CHECK ((timezone ~ '^([+-](0[0-9]|1[0-4]):[0-5][0-9]|Z)$'::text)), CONSTRAINT contact_url_check CHECK (((char_length(url) < 300) AND (url ~ '^https:\/\/'::text))) ); 
@@ -1876,7 +1878,14 @@ COMMENT ON COLUMN maevsi.contact.nickname IS 'The contact''s nickname.'; -- Name: COLUMN contact.phone_number; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.contact.phone_number IS 'The contact''s international phone number.'; +COMMENT ON COLUMN maevsi.contact.phone_number IS 'The contact''s international phone number in E.164 format (https://wikipedia.org/wiki/E.164).'; + + +-- +-- Name: COLUMN contact.timezone; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.contact.timezone IS 'The contact''s ISO 8601 timezone, e.g. `+02:00`, `-05:30` or `Z`.'; -- diff --git a/src/deploy/table_contact.sql b/src/deploy/table_contact.sql index 85a0c5fa..feb9330b 100644 --- a/src/deploy/table_contact.sql +++ b/src/deploy/table_contact.sql @@ -13,6 +13,7 @@ CREATE TABLE maevsi.contact ( last_name TEXT CHECK (char_length(last_name) > 0 AND char_length(last_name) < 100), nickname TEXT CHECK (char_length(nickname) > 0 AND char_length(nickname) < 100), phone_number TEXT CHECK (phone_number ~ '^\+(?:[0-9] ?){6,14}[0-9]$'), -- E.164 format (https://wikipedia.org/wiki/E.164) + timezone TEXT CHECK (timezone ~ '^([+-](0[0-9]|1[0-4]):[0-5][0-9]|Z)$'), url TEXT CHECK (char_length("url") < 300 AND "url" ~ '^https:\/\/'), UNIQUE (author_account_id, account_id) @@ -30,6 +31,7 @@ COMMENT ON COLUMN maevsi.contact.language IS 'The contact''s language.'; COMMENT ON COLUMN maevsi.contact.last_name IS 'The contact''s last name.'; COMMENT ON COLUMN maevsi.contact.nickname IS 'The contact''s nickname.'; COMMENT ON COLUMN maevsi.contact.phone_number IS 'The contact''s international phone number in E.164 format (https://wikipedia.org/wiki/E.164).'; +COMMENT ON COLUMN maevsi.contact.timezone IS 'The contact''s ISO 8601 timezone, e.g. `+02:00`, `-05:30` or `Z`.'; COMMENT ON COLUMN maevsi.contact.url IS 'The contact''s website url.'; -- GRANTs, RLS and POLICYs are specified in 'table_contact_policy`. 
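Review bot: The `timezone` CHECK added in the `@@ -13,6 +13,7 @@` hunk of src/deploy/table_contact.sql accepts values that are not real UTC offsets, for example `-14:00` or `+14:59`, because the hour alternative `1[0-4]` applies to both signs and any minute from 00 to 59 is allowed. The column also holds a fixed offset rather than a time zone, so it cannot follow daylight-saving changes; the column comment would be more accurate as `'The contact''s UTC offset in ISO 8601 notation, e.g. `+02:00`, `-05:30` or `Z`.'`. If callers rely on this constraint as input validation, narrow the pattern or say in the comment that the range is checked elsewhere. The same pattern appears in the schema/schema.definition.sql hunk of this commit, and the CREATE TABLE statement continues outside the hunk.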
diff --git a/src/verify/table_contact.sql b/src/verify/table_contact.sql index b4ac5dbf..ff2110c2 100644 --- a/src/verify/table_contact.sql +++ b/src/verify/table_contact.sql @@ -11,6 +11,7 @@ SELECT id, last_name, nickname, phone_number, + timezone, url FROM maevsi.contact WHERE FALSE; From be91760fb36a7c957f08aaaca3e80c5d415eb95f Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 12 Dec 2024 04:29:24 +0000 Subject: [PATCH 073/105] chore(release): 4.4.0 [skip ci] ## [4.4.0](https://github.com/maevsi/sqitch/compare/4.3.1...4.4.0) (2024-12-12) ### Features * add language enumeration ([76a1465](https://github.com/maevsi/sqitch/commit/76a1465f219c4c0171aafcac1bbbac16580d9691)) * **contact:** add language ([669570f](https://github.com/maevsi/sqitch/commit/669570f6322aa8ad971990b2de9fcf8afdf14007)) * **contact:** add nickname ([8b7169a](https://github.com/maevsi/sqitch/commit/8b7169a856b5e81ebb0676ac7de6ce512a83d548)) * **contact:** add timezone ([02da0f9](https://github.com/maevsi/sqitch/commit/02da0f9cdb644ef78c5c6a4b354d2bd968904337)) --- CHANGELOG.md | 9 +++++++++ package.json | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 35b1658d..4e5ecabf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +## [4.4.0](https://github.com/maevsi/sqitch/compare/4.3.1...4.4.0) (2024-12-12) + +### Features + +* add language enumeration ([76a1465](https://github.com/maevsi/sqitch/commit/76a1465f219c4c0171aafcac1bbbac16580d9691)) +* **contact:** add language ([669570f](https://github.com/maevsi/sqitch/commit/669570f6322aa8ad971990b2de9fcf8afdf14007)) +* **contact:** add nickname ([8b7169a](https://github.com/maevsi/sqitch/commit/8b7169a856b5e81ebb0676ac7de6ce512a83d548)) +* **contact:** add timezone ([02da0f9](https://github.com/maevsi/sqitch/commit/02da0f9cdb644ef78c5c6a4b354d2bd968904337)) + ## [4.3.1](https://github.com/maevsi/sqitch/compare/4.3.0...4.3.1) (2024-12-06) ### Bug Fixes 
diff --git a/package.json b/package.json index 61128411..fa25f3a0 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.3.1", + "version": "4.4.0", "private": true, "engines": { "node": "22" From d8d142d8d1b12ae4890b97f60fc2daf7eb20fe96 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Thu, 12 Dec 2024 05:57:56 +0100 Subject: [PATCH 074/105] feat(table): add creation timestamps Resolves https://github.com/maevsi/sqitch/issues/13 --- schema/schema.definition.sql | 72 ++++++++++++++++--- .../table_account_preference_event_size.sql | 3 + src/deploy/table_contact.sql | 2 + src/deploy/table_event.sql | 16 +++-- src/deploy/table_event_group.sql | 3 + src/deploy/table_invitation.sql | 4 ++ src/deploy/table_report.sql | 5 +- src/deploy/table_upload.sql | 3 + .../table_account_preference_event_size.sql | 3 +- src/verify/table_contact.sql | 1 + src/verify/table_event.sql | 11 +-- src/verify/table_event_group.sql | 1 + src/verify/table_invitation.sql | 1 + src/verify/table_report.sql | 4 +- src/verify/table_upload.sql | 1 + 15 files changed, 105 insertions(+), 25 deletions(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 459b9fc8..e236ee08 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -705,6 +705,7 @@ SET default_table_access_method = heap; CREATE TABLE maevsi.event ( id uuid DEFAULT gen_random_uuid() NOT NULL, + created_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL, author_account_id uuid NOT NULL, description text, "end" timestamp with time zone, 
@@ -744,6 +745,14 @@ COMMENT ON COLUMN maevsi.event.id IS '@omit create,update The event''s internal id.'; +-- +-- Name: COLUMN event.created_at; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event.created_at IS '@omit create +Timestamp of when the event was created, defaults to the current timestamp.'; + + -- -- Name: COLUMN event.author_account_id; Type: COMMENT; Schema: maevsi; Owner: postgres -- @@ -1424,6 +1433,7 @@ COMMENT ON FUNCTION maevsi.trigger_invitation_update() IS 'Checks if the caller CREATE TABLE maevsi.upload ( id uuid DEFAULT gen_random_uuid() NOT NULL, + created_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL, account_id uuid NOT NULL, size_byte bigint NOT NULL, storage_key text, @@ -1448,6 +1458,14 @@ COMMENT ON COLUMN maevsi.upload.id IS '@omit create,update The upload''s internal id.'; +-- +-- Name: COLUMN upload.created_at; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.upload.created_at IS '@omit create +Timestamp of when the upload was created, defaults to the current timestamp.'; + + -- -- Name: COLUMN upload.account_id; Type: COMMENT; Schema: maevsi; Owner: postgres -- @@ -1645,6 +1663,7 @@ COMMENT ON COLUMN maevsi.account.username IS 'The account''s username.'; -- CREATE TABLE maevsi.account_preference_event_size ( + created_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL, account_id uuid NOT NULL, event_size maevsi.event_size NOT NULL ); 
@@ -1659,6 +1678,14 @@ ALTER TABLE maevsi.account_preference_event_size OWNER TO postgres; COMMENT ON TABLE maevsi.account_preference_event_size IS 'Table for the user accounts'' preferred event sizes (M:N relationship).'; +-- +-- Name: COLUMN account_preference_event_size.created_at; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.account_preference_event_size.created_at IS '@omit create +Timestamp of when the event size preference was created, defaults to the current timestamp.'; + + -- -- Name: COLUMN account_preference_event_size.account_id; Type: COMMENT; Schema: maevsi; Owner: postgres -- @@ -1770,6 +1797,7 @@ COMMENT ON COLUMN maevsi.achievement.level IS 'The achievement unlock''s level.' CREATE TABLE maevsi.contact ( id uuid DEFAULT gen_random_uuid() NOT NULL, + created_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL, account_id uuid, address text, author_account_id uuid NOT NULL, @@ -1810,6 +1838,14 @@ COMMENT ON COLUMN maevsi.contact.id IS '@omit create,update The contact''s internal id.'; +-- +-- Name: COLUMN contact.created_at; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.contact.created_at IS '@omit create +Timestamp of when the contact was created, defaults to the current timestamp.'; + + -- -- Name: COLUMN contact.account_id; Type: COMMENT; Schema: maevsi; Owner: postgres -- @@ -1901,6 +1937,7 @@ COMMENT ON COLUMN maevsi.contact.url IS 'The contact''s website url.'; CREATE TABLE maevsi.event_group ( id uuid DEFAULT gen_random_uuid() NOT NULL, + created_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL, author_account_id uuid NOT NULL, description text, is_archived boolean DEFAULT false NOT NULL, 
@@ -1929,6 +1966,14 @@ COMMENT ON COLUMN maevsi.event_group.id IS '@omit create,update The event group''s internal id.'; +-- +-- Name: COLUMN event_group.created_at; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event_group.created_at IS '@omit create +Timestamp of when the event group was created, defaults to the current timestamp.'; + + -- -- Name: COLUMN event_group.author_account_id; Type: COMMENT; Schema: maevsi; Owner: postgres -- @@ -2013,6 +2058,7 @@ COMMENT ON COLUMN maevsi.event_grouping.event_id IS 'The event grouping''s inter CREATE TABLE maevsi.invitation ( id uuid DEFAULT gen_random_uuid() NOT NULL, + created_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL, contact_id uuid NOT NULL, event_id uuid NOT NULL, feedback maevsi.invitation_feedback, @@ -2037,6 +2083,14 @@ COMMENT ON COLUMN maevsi.invitation.id IS '@omit create,update The invitations''s internal id.'; +-- +-- Name: COLUMN invitation.created_at; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.invitation.created_at IS '@omit create +Timestamp of when the invitation was created, defaults to the current timestamp.'; + + -- -- Name: COLUMN invitation.contact_id; Type: COMMENT; Schema: maevsi; Owner: postgres -- @@ -2225,12 +2279,12 @@ COMMENT ON COLUMN maevsi.profile_picture.upload_id IS 'The upload''s id.'; CREATE TABLE maevsi.report ( id uuid DEFAULT gen_random_uuid() NOT NULL, + created_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL, author_account_id uuid NOT NULL, reason text NOT NULL, target_account_id uuid, target_event_id uuid, target_upload_id uuid, - created_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL, CONSTRAINT report_check CHECK ((num_nonnulls(target_account_id, target_event_id, target_upload_id) = 1)), CONSTRAINT report_reason_check CHECK (((char_length(reason) > 0) AND (char_length(reason) < 2000))) ); 
@@ -2254,6 +2308,14 @@ COMMENT ON COLUMN maevsi.report.id IS '@omit create Unique identifier for the report, generated randomly using UUIDs.'; +-- +-- Name: COLUMN report.created_at; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.report.created_at IS '@omit create +Timestamp of when the report was created, defaults to the current timestamp.'; + + -- -- Name: COLUMN report.author_account_id; Type: COMMENT; Schema: maevsi; Owner: postgres -- @@ -2289,14 +2351,6 @@ COMMENT ON COLUMN maevsi.report.target_event_id IS 'The ID of the event being re COMMENT ON COLUMN maevsi.report.target_upload_id IS 'The ID of the upload being reported, if applicable.'; --- --- Name: COLUMN report.created_at; Type: COMMENT; Schema: maevsi; Owner: postgres --- - -COMMENT ON COLUMN maevsi.report.created_at IS '@omit create -Timestamp of when the report was created, defaults to the current timestamp.'; - - -- -- Name: CONSTRAINT report_check ON report; Type: COMMENT; Schema: maevsi; Owner: postgres -- diff --git a/src/deploy/table_account_preference_event_size.sql b/src/deploy/table_account_preference_event_size.sql index b76e19c9..5f05fd81 100644 --- a/src/deploy/table_account_preference_event_size.sql +++ b/src/deploy/table_account_preference_event_size.sql @@ -1,6 +1,8 @@ BEGIN; CREATE TABLE maevsi.account_preference_event_size ( + created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP, + account_id UUID REFERENCES maevsi.account(id), event_size maevsi.event_size, 
@@ -8,6 +10,7 @@ CREATE TABLE maevsi.account_preference_event_size ( ); COMMENT ON TABLE maevsi.account_preference_event_size IS 'Table for the user accounts'' preferred event sizes (M:N relationship).'; +COMMENT ON COLUMN maevsi.account_preference_event_size.created_at IS E'@omit create\nTimestamp of when the event size preference was created, defaults to the current timestamp.'; COMMENT ON COLUMN maevsi.account_preference_event_size.account_id IS 'The account''s internal id.'; COMMENT ON COLUMN maevsi.account_preference_event_size.event_size IS 'A preferred event sized'; diff --git a/src/deploy/table_contact.sql b/src/deploy/table_contact.sql index feb9330b..c1d4da88 100644 --- a/src/deploy/table_contact.sql +++ b/src/deploy/table_contact.sql @@ -2,6 +2,7 @@ BEGIN; CREATE TABLE maevsi.contact ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP, account_id UUID REFERENCES maevsi.account(id), address TEXT CHECK (char_length("address") > 0 AND char_length("address") < 300), @@ -21,6 +22,7 @@ CREATE TABLE maevsi.contact ( COMMENT ON TABLE maevsi.contact IS 'Contact data.'; COMMENT ON COLUMN maevsi.contact.id IS E'@omit create,update\nThe contact''s internal id.'; +COMMENT ON COLUMN maevsi.contact.created_at IS E'@omit create\nTimestamp of when the contact was created, defaults to the current timestamp.'; COMMENT ON COLUMN maevsi.contact.account_id IS 'The contact account''s id.'; COMMENT ON COLUMN maevsi.contact.address IS 'The contact''s physical address.'; COMMENT ON COLUMN maevsi.contact.author_account_id IS 'The contact author''s id.'; diff --git a/src/deploy/table_event.sql b/src/deploy/table_event.sql index 09b37eb0..4a3f11cf 100644 --- a/src/deploy/table_event.sql +++ b/src/deploy/table_event.sql 
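Review bot: The new `created_at` column comments in src/deploy/table_account_preference_event_size.sql and src/deploy/table_contact.sql carry `@omit create` only, so the column is hidden from create mutations but not from update mutations, and a client allowed to update the row could rewrite its creation timestamp. The smart comment is also only an API-layer filter, not a database control; whether a role can write the column at all depends on the GRANTs in the `*_policy` scripts, which are not part of this diff. If `created_at` is meant to be immutable, use `E'@omit create,update\n…'` as the `id` column of `maevsi.contact` does, and leave the column out of any column-level INSERT/UPDATE grants. The same applies to the `created_at` comments this commit adds for event, event_group, invitation and upload.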
@@ -2,24 +2,28 @@ BEGIN; CREATE TABLE maevsi.event ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP, + author_account_id UUID NOT NULL REFERENCES maevsi.account(id), - "description" TEXT CHECK (char_length("description") > 0 AND char_length("description") < 1000000), - "end" TIMESTAMP WITH TIME ZONE, + description TEXT CHECK (char_length("description") > 0 AND char_length("description") < 1000000), + "end" TIMESTAMP WITH TIME ZONE, invitee_count_maximum INTEGER CHECK (invitee_count_maximum > 0), is_archived BOOLEAN NOT NULL DEFAULT FALSE, is_in_person BOOLEAN, is_remote BOOLEAN, - "location" TEXT CHECK (char_length("location") > 0 AND char_length("location") < 300), - "name" TEXT NOT NULL CHECK (char_length("name") > 0 AND char_length("name") < 100), + location TEXT CHECK (char_length("location") > 0 AND char_length("location") < 300), + name TEXT NOT NULL CHECK (char_length("name") > 0 AND char_length("name") < 100), slug TEXT NOT NULL CHECK (char_length(slug) < 100 AND slug ~ '^[-A-Za-z0-9]+$'), - "start" TIMESTAMP WITH TIME ZONE NOT NULL, - "url" TEXT CHECK (char_length("url") < 300 AND "url" ~ '^https:\/\/'), + start TIMESTAMP WITH TIME ZONE NOT NULL, + url TEXT CHECK (char_length("url") < 300 AND "url" ~ '^https:\/\/'), visibility maevsi.event_visibility NOT NULL, + UNIQUE (author_account_id, slug) ); COMMENT ON TABLE maevsi.event IS 'An event.'; COMMENT ON COLUMN maevsi.event.id IS E'@omit create,update\nThe event''s internal id.'; +COMMENT ON COLUMN maevsi.event.created_at IS E'@omit create\nTimestamp of when the event was created, defaults to the current timestamp.'; COMMENT ON COLUMN maevsi.event.author_account_id IS 'The event author''s id.'; COMMENT ON COLUMN maevsi.event.description IS 'The event''s description.'; COMMENT ON COLUMN maevsi.event.end IS 'The event''s end date and time, with timezone.'; 
diff --git a/src/deploy/table_event_group.sql b/src/deploy/table_event_group.sql index f434cb27..4b8cb124 100644 --- a/src/deploy/table_event_group.sql +++ b/src/deploy/table_event_group.sql @@ -2,6 +2,8 @@ BEGIN; CREATE TABLE maevsi.event_group ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP, + author_account_id UUID NOT NULL REFERENCES maevsi.account(id), "description" TEXT CHECK (char_length("description") < 1000000), is_archived BOOLEAN NOT NULL DEFAULT FALSE, @@ -12,6 +14,7 @@ CREATE TABLE maevsi.event_group ( COMMENT ON TABLE maevsi.event_group IS 'A group of events.'; COMMENT ON COLUMN maevsi.event_group.id IS E'@omit create,update\nThe event group''s internal id.'; +COMMENT ON COLUMN maevsi.event_group.created_at IS E'@omit create\nTimestamp of when the event group was created, defaults to the current timestamp.'; COMMENT ON COLUMN maevsi.event_group.author_account_id IS 'The event group author''s id.'; COMMENT ON COLUMN maevsi.event_group.description IS 'The event group''s description.'; COMMENT ON COLUMN maevsi.event_group.is_archived IS 'Indicates whether the event group is archived.'; diff --git a/src/deploy/table_invitation.sql b/src/deploy/table_invitation.sql index 5ac0b461..cf0f61a0 100644 --- a/src/deploy/table_invitation.sql +++ b/src/deploy/table_invitation.sql 
@@ -2,15 +2,19 @@ BEGIN; CREATE TABLE maevsi.invitation ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP, + contact_id UUID NOT NULL REFERENCES maevsi.contact(id), event_id UUID NOT NULL REFERENCES maevsi.event(id), feedback maevsi.invitation_feedback, feedback_paper maevsi.invitation_feedback_paper, + UNIQUE (event_id, contact_id) ); COMMENT ON TABLE maevsi.invitation IS 'An invitation for a contact. A bidirectional mapping between an event and a contact.'; COMMENT ON COLUMN maevsi.invitation.id IS E'@omit create,update\nThe invitations''s internal id.'; +COMMENT ON COLUMN maevsi.invitation.created_at IS E'@omit create\nTimestamp of when the invitation was created, defaults to the current timestamp.'; COMMENT ON COLUMN maevsi.invitation.contact_id IS 'The contact''s internal id for which the invitation is valid.'; COMMENT ON COLUMN maevsi.invitation.event_id IS 'The event''s internal id for which the invitation is valid.'; COMMENT ON COLUMN maevsi.invitation.feedback IS 'The invitation''s general feedback status.'; diff --git a/src/deploy/table_report.sql b/src/deploy/table_report.sql index 8e63bc10..820af755 100644 --- a/src/deploy/table_report.sql +++ b/src/deploy/table_report.sql @@ -2,12 +2,13 @@ BEGIN; CREATE TABLE maevsi.report ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP, + author_account_id UUID NOT NULL REFERENCES maevsi.account(id), reason TEXT NOT NULL CHECK (char_length("reason") > 0 AND char_length("reason") < 2000), target_account_id UUID REFERENCES maevsi.account(id), target_event_id UUID REFERENCES maevsi.event(id), target_upload_id UUID REFERENCES maevsi.upload(id), - created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, CHECK (num_nonnulls(target_account_id, target_event_id, target_upload_id) = 1), UNIQUE (author_account_id, target_account_id, target_event_id, target_upload_id) 
@@ -15,12 +16,12 @@ CREATE TABLE maevsi.report ( COMMENT ON TABLE maevsi.report IS E'@omit update,delete\nStores reports made by users on other users, events, or uploads for moderation purposes.'; COMMENT ON COLUMN maevsi.report.id IS E'@omit create\nUnique identifier for the report, generated randomly using UUIDs.'; +COMMENT ON COLUMN maevsi.report.created_at IS E'@omit create\nTimestamp of when the report was created, defaults to the current timestamp.'; COMMENT ON COLUMN maevsi.report.author_account_id IS 'The ID of the user who created the report.'; COMMENT ON COLUMN maevsi.report.reason IS 'The reason for the report, provided by the reporting user. Must be non-empty and less than 2000 characters.'; COMMENT ON COLUMN maevsi.report.target_account_id IS 'The ID of the account being reported, if applicable.'; COMMENT ON COLUMN maevsi.report.target_event_id IS 'The ID of the event being reported, if applicable.'; COMMENT ON COLUMN maevsi.report.target_upload_id IS 'The ID of the upload being reported, if applicable.'; -COMMENT ON COLUMN maevsi.report.created_at IS E'@omit create\nTimestamp of when the report was created, defaults to the current timestamp.'; COMMENT ON CONSTRAINT report_reason_check ON maevsi.report IS 'Ensures the reason field contains between 1 and 2000 characters.'; COMMENT ON CONSTRAINT report_check ON maevsi.report IS 'Ensures that the report targets exactly one element (account, event, or upload).'; COMMENT ON CONSTRAINT report_author_account_id_target_account_id_target_event_id__key ON maevsi.report IS 'Ensures that the same user cannot submit multiple reports on the same element (account, event, or upload).'; diff --git a/src/deploy/table_upload.sql b/src/deploy/table_upload.sql index 6b6adc9e..de1c4ab0 100644 --- a/src/deploy/table_upload.sql +++ b/src/deploy/table_upload.sql 
@@ -2,6 +2,8 @@ BEGIN; CREATE TABLE maevsi.upload ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP, + account_id UUID NOT NULL REFERENCES maevsi.account(id), size_byte BIGINT NOT NULL CHECK (size_byte > 0), storage_key TEXT UNIQUE @@ -9,6 +11,7 @@ CREATE TABLE maevsi.upload ( COMMENT ON TABLE maevsi.upload IS 'An upload.'; COMMENT ON COLUMN maevsi.upload.id IS E'@omit create,update\nThe upload''s internal id.'; +COMMENT ON COLUMN maevsi.upload.created_at IS E'@omit create\nTimestamp of when the upload was created, defaults to the current timestamp.'; COMMENT ON COLUMN maevsi.upload.account_id IS 'The uploader''s account id.'; COMMENT ON COLUMN maevsi.upload.size_byte IS 'The upload''s size in bytes.'; COMMENT ON COLUMN maevsi.upload.storage_key IS 'The upload''s storage key.'; diff --git a/src/verify/table_account_preference_event_size.sql b/src/verify/table_account_preference_event_size.sql index ed94b88e..34a2b129 100644 --- a/src/verify/table_account_preference_event_size.sql +++ b/src/verify/table_account_preference_event_size.sql @@ -1,6 +1,7 @@ BEGIN; -SELECT account_id, +SELECT created_at, + account_id, event_size FROM maevsi.account_preference_event_size WHERE FALSE; diff --git a/src/verify/table_contact.sql b/src/verify/table_contact.sql index ff2110c2..caade761 100644 --- a/src/verify/table_contact.sql +++ b/src/verify/table_contact.sql @@ -1,6 +1,7 @@ BEGIN; SELECT id, + created_at, account_id, address, author_account_id, diff --git a/src/verify/table_event.sql b/src/verify/table_event.sql index d1ed2cca..58f89ce2 100644 --- a/src/verify/table_event.sql +++ b/src/verify/table_event.sql @@ -1,18 +1,19 @@ BEGIN; SELECT id, + created_at, author_account_id, - "description", + description, "end", invitee_count_maximum, is_archived, is_in_person, is_remote, - "location", - "name", + location, + name, slug, - "start", - "url", + start, + url, visibility FROM maevsi.event WHERE FALSE; 
diff --git a/src/verify/table_event_group.sql b/src/verify/table_event_group.sql index 12cac672..80491c8a 100644 --- a/src/verify/table_event_group.sql +++ b/src/verify/table_event_group.sql @@ -1,6 +1,7 @@ BEGIN; SELECT id, + created_at, author_account_id, "description", is_archived, diff --git a/src/verify/table_invitation.sql b/src/verify/table_invitation.sql index d9648f6b..68c4d2f1 100644 --- a/src/verify/table_invitation.sql +++ b/src/verify/table_invitation.sql @@ -1,6 +1,7 @@ BEGIN; SELECT id, + created_at, event_id, feedback, feedback_paper diff --git a/src/verify/table_report.sql b/src/verify/table_report.sql index f45f9c5e..4cd29e5a 100644 --- a/src/verify/table_report.sql +++ b/src/verify/table_report.sql @@ -1,12 +1,12 @@ BEGIN; SELECT id, + created_at, author_account_id, reason, target_account_id, target_event_id, - target_upload_id, - created_at + target_upload_id FROM maevsi.report WHERE FALSE; ROLLBACK; diff --git a/src/verify/table_upload.sql b/src/verify/table_upload.sql index 30bbb956..07a730dc 100644 --- a/src/verify/table_upload.sql +++ b/src/verify/table_upload.sql @@ -1,6 +1,7 @@ BEGIN; SELECT id, + created_at, account_id, size_byte, storage_key From 707918bae13f4299246907ce6d474607cae86fba Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 12 Dec 2024 05:02:00 +0000 Subject: [PATCH 075/105] chore(release): 4.5.0 [skip ci] ## [4.5.0](https://github.com/maevsi/sqitch/compare/4.4.0...4.5.0) (2024-12-12) ### Features * **table:** add creation timestamps ([d8d142d](https://github.com/maevsi/sqitch/commit/d8d142d8d1b12ae4890b97f60fc2daf7eb20fe96)) --- CHANGELOG.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e5ecabf..448ce0ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,9 @@ +## [4.5.0](https://github.com/maevsi/sqitch/compare/4.4.0...4.5.0) (2024-12-12) + +### Features + +* **table:** add creation timestamps ([d8d142d](https://github.com/maevsi/sqitch/commit/d8d142d8d1b12ae4890b97f60fc2daf7eb20fe96)) + ## [4.4.0](https://github.com/maevsi/sqitch/compare/4.3.1...4.4.0) (2024-12-12) ### Features diff --git a/package.json b/package.json index fa25f3a0..f8d421ed 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.4.0", + "version": "4.5.0", "private": true, "engines": { "node": "22" From f493fe4d6c5e5127a0cad253768c864fcdfe296b Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Thu, 12 Dec 2024 07:07:37 +0100 Subject: [PATCH 076/105] feat(invitation): add update metadata Add `updated_at` and `updated_by` columns to the invitation table. --- schema/schema.definition.sql | 28 ++++++++++++++++++++++++++ src/deploy/table_invitation.sql | 4 ++++ src/deploy/table_invitation_policy.sql | 2 ++ src/verify/table_invitation.sql | 2 ++ 4 files changed, 36 insertions(+) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index e236ee08..a529a4a9 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -1413,6 +1413,8 @@ BEGIN THEN RAISE 'You''re only allowed to alter these rows: %!', whitelisted_cols USING ERRCODE = 'insufficient_privilege'; ELSE + NEW.updated_at = CURRENT_TIMESTAMP; + NEW.updated_by = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID; RETURN NEW; END IF; END $$; @@ -2059,6 +2061,8 @@ COMMENT ON COLUMN maevsi.event_grouping.event_id IS 'The event grouping''s inter CREATE TABLE maevsi.invitation ( id uuid DEFAULT gen_random_uuid() NOT NULL, created_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL, + updated_at timestamp with time zone, + updated_by uuid, contact_id uuid NOT NULL, event_id uuid NOT NULL, feedback maevsi.invitation_feedback, 
@@ -2091,6 +2095,22 @@ COMMENT ON COLUMN maevsi.invitation.created_at IS '@omit create Timestamp of when the invitation was created, defaults to the current timestamp.'; +-- +-- Name: COLUMN invitation.updated_at; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.invitation.updated_at IS '@omit create,update +Timestamp of when the invitation was last updated.'; + + +-- +-- Name: COLUMN invitation.updated_by; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.invitation.updated_by IS '@omit create,update +The id of the account which last updated the invitation. `NULL` if the invitation was updated by an anonymous user.'; + + -- -- Name: COLUMN invitation.contact_id; Type: COMMENT; Schema: maevsi; Owner: postgres -- @@ -3664,6 +3684,14 @@ ALTER TABLE ONLY maevsi.invitation ADD CONSTRAINT invitation_event_id_fkey FOREIGN KEY (event_id) REFERENCES maevsi.event(id); +-- +-- Name: invitation invitation_updated_by_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.invitation + ADD CONSTRAINT invitation_updated_by_fkey FOREIGN KEY (updated_by) REFERENCES maevsi.account(id); + + -- -- Name: legal_term_acceptance legal_term_acceptance_account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres -- diff --git a/src/deploy/table_invitation.sql b/src/deploy/table_invitation.sql index cf0f61a0..cc3b201c 100644 --- a/src/deploy/table_invitation.sql +++ b/src/deploy/table_invitation.sql @@ -3,6 +3,8 @@ BEGIN; CREATE TABLE maevsi.invitation ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP WITH TIME ZONE, + updated_by UUID REFERENCES maevsi.account(id), contact_id UUID NOT NULL REFERENCES maevsi.contact(id), event_id UUID NOT NULL REFERENCES maevsi.event(id), 
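Review bot: `updated_by UUID REFERENCES maevsi.account(id)` in the `@@ -3,6 +3,8 @@` hunk of src/deploy/table_invitation.sql has no `ON DELETE` action, so the default applies and deleting an account will fail once that account has updated any invitation. If account deletion is supported, either state the action explicitly, e.g. `updated_by UUID REFERENCES maevsi.account(id) ON DELETE SET NULL`, or clear the column in the deletion routine, which is not visible in this diff. Note that `SET NULL` would make a deleted editor indistinguishable from the anonymous case the column comment describes, so the comment should then mention both meanings. The CREATE TABLE statement continues outside the hunk.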
@@ -15,6 +17,8 @@ CREATE TABLE maevsi.invitation ( COMMENT ON TABLE maevsi.invitation IS 'An invitation for a contact. A bidirectional mapping between an event and a contact.'; COMMENT ON COLUMN maevsi.invitation.id IS E'@omit create,update\nThe invitations''s internal id.'; COMMENT ON COLUMN maevsi.invitation.created_at IS E'@omit create\nTimestamp of when the invitation was created, defaults to the current timestamp.'; +COMMENT ON COLUMN maevsi.invitation.updated_at IS E'@omit create,update\nTimestamp of when the invitation was last updated.'; +COMMENT ON COLUMN maevsi.invitation.updated_by IS E'@omit create,update\nThe id of the account which last updated the invitation. `NULL` if the invitation was updated by an anonymous user.'; COMMENT ON COLUMN maevsi.invitation.contact_id IS 'The contact''s internal id for which the invitation is valid.'; COMMENT ON COLUMN maevsi.invitation.event_id IS 'The event''s internal id for which the invitation is valid.'; COMMENT ON COLUMN maevsi.invitation.feedback IS 'The invitation''s general feedback status.'; diff --git a/src/deploy/table_invitation_policy.sql b/src/deploy/table_invitation_policy.sql index ca60957e..6c36ebe7 100644 --- a/src/deploy/table_invitation_policy.sql +++ b/src/deploy/table_invitation_policy.sql @@ -97,6 +97,8 @@ BEGIN THEN RAISE 'You''re only allowed to alter these rows: %!', whitelisted_cols USING ERRCODE = 'insufficient_privilege'; ELSE + NEW.updated_at = CURRENT_TIMESTAMP; + NEW.updated_by = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID; RETURN NEW; END IF; END $$ LANGUAGE PLPGSQL STRICT VOLATILE SECURITY INVOKER; diff --git a/src/verify/table_invitation.sql b/src/verify/table_invitation.sql index 68c4d2f1..4cc5e972 100644 --- a/src/verify/table_invitation.sql +++ b/src/verify/table_invitation.sql @@ -2,6 +2,8 @@ BEGIN; SELECT id, created_at, + updated_at, + updated_by, event_id, feedback, feedback_paper From 555e031c96e3a83ae41e3b03dd5c2de72e51780f Mon Sep 17 00:00:00 2001 
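Review bot: `NEW.updated_by` in the `ELSE` branch of the trigger function is taken from the session setting `jwt.claims.account_id`, so the audit value is only as trustworthy as whatever sets that setting; it is reliable when every write goes through the API layer that derives it from a verified token, and not for roles that can open their own SQL session. The two assignments overwrite any client-supplied value, which is what an audit column needs, but nothing here says so. I would add above them `-- Audit columns are always set server-side; updated_by is the JWT account id, or NULL for anonymous sessions.`. The function body starts outside this hunk, so whether the whitelist check already rejects writes to these two columns cannot be seen here; the same two lines appear in the regenerated `schema/schema.definition.sql`.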
From: Jonas Thelemann Date: Thu, 12 Dec 2024 07:18:22 +0100 Subject: [PATCH 077/105] fix(legal-term-acceptance): omit update and delete --- schema/schema.definition.sql | 2 +- src/deploy/table_legal_term_acceptance.sql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index e236ee08..ec7b4be6 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -2198,7 +2198,7 @@ ALTER TABLE maevsi.legal_term_acceptance OWNER TO postgres; -- Name: TABLE legal_term_acceptance; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON TABLE maevsi.legal_term_acceptance IS 'Tracks each user account''s acceptance of legal terms and conditions.'; +COMMENT ON TABLE maevsi.legal_term_acceptance IS '@omit update,delete\nTracks each user account''s acceptance of legal terms and conditions.'; -- diff --git a/src/deploy/table_legal_term_acceptance.sql b/src/deploy/table_legal_term_acceptance.sql index e249d0eb..5002457b 100644 --- a/src/deploy/table_legal_term_acceptance.sql +++ b/src/deploy/table_legal_term_acceptance.sql 
@@ -8,7 +8,7 @@ CREATE TABLE maevsi.legal_term_acceptance ( legal_term_id UUID NOT NULL REFERENCES maevsi.legal_term(id) ON DELETE RESTRICT -- deletion of the parent row should not be possible ); -COMMENT ON TABLE maevsi.legal_term_acceptance IS 'Tracks each user account''s acceptance of legal terms and conditions.'; +COMMENT ON TABLE maevsi.legal_term_acceptance IS '@omit update,delete\nTracks each user account''s acceptance of legal terms and conditions.'; COMMENT ON COLUMN maevsi.legal_term_acceptance.id IS E'@omit create\nUnique identifier for this legal term acceptance record. Automatically generated for each new acceptance.'; COMMENT ON COLUMN maevsi.legal_term_acceptance.created_at IS E'@omit create\nTimestamp showing when the legal terms were accepted, set automatically at the time of acceptance.'; COMMENT ON COLUMN maevsi.legal_term_acceptance.account_id IS 'The user account ID that accepted the legal terms. If the account is deleted, this acceptance record will also be deleted.'; From 084ad1e7f89dfcfd890fde76f3d5baa9dffe1cd8 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Thu, 12 Dec 2024 07:19:10 +0100 Subject: [PATCH 078/105] fix: omit update for creation timestamps --- schema/schema.definition.sql | 12 ++++++------ src/deploy/table_account_preference_event_size.sql | 2 +- src/deploy/table_contact.sql | 2 +- src/deploy/table_event.sql | 2 +- src/deploy/table_event_group.sql | 2 +- src/deploy/table_invitation.sql | 2 +- src/deploy/table_upload.sql | 2 +- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index ec7b4be6..2deb2878 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
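Review bot: The new table comment is a plain string literal, `'@omit update,delete\nTracks …'`, so with standard-conforming strings the `\n` is stored as a backslash followed by the letter n rather than a line break, and the `@omit` tag is not terminated where intended. The regenerated `schema/schema.definition.sql` in this commit shows that literal `\n` on one line, unlike the multi-line comments elsewhere in the dump, and the column comments directly below already use the `E'…'` form. Use `COMMENT ON TABLE maevsi.legal_term_acceptance IS E'@omit update,delete\nTracks each user account''s acceptance of legal terms and conditions.';`. Because `@omit` only hides mutations from the generated API, acceptance records that must stay immutable should also have no `UPDATE` or `DELETE` grant or policy for the API roles; those are not visible in this hunk.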
@@ -749,7 +749,7 @@ The event''s internal id.'; -- Name: COLUMN event.created_at; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.event.created_at IS '@omit create +COMMENT ON COLUMN maevsi.event.created_at IS '@omit create,update Timestamp of when the event was created, defaults to the current timestamp.'; @@ -1462,7 +1462,7 @@ The upload''s internal id.'; -- Name: COLUMN upload.created_at; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.upload.created_at IS '@omit create +COMMENT ON COLUMN maevsi.upload.created_at IS '@omit create,update Timestamp of when the upload was created, defaults to the current timestamp.'; @@ -1682,7 +1682,7 @@ COMMENT ON TABLE maevsi.account_preference_event_size IS 'Table for the user acc -- Name: COLUMN account_preference_event_size.created_at; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.account_preference_event_size.created_at IS '@omit create +COMMENT ON COLUMN maevsi.account_preference_event_size.created_at IS '@omit create,update Timestamp of when the event size preference was created, defaults to the current timestamp.'; @@ -1842,7 +1842,7 @@ The contact''s internal id.'; -- Name: COLUMN contact.created_at; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.contact.created_at IS '@omit create +COMMENT ON COLUMN maevsi.contact.created_at IS '@omit create,update Timestamp of when the contact was created, defaults to the current timestamp.'; @@ -1970,7 +1970,7 @@ The event group''s internal id.'; -- Name: COLUMN event_group.created_at; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.event_group.created_at IS '@omit create +COMMENT ON COLUMN maevsi.event_group.created_at IS '@omit create,update Timestamp of when the event group was created, defaults to the current timestamp.'; 
@@ -2087,7 +2087,7 @@ The invitations''s internal id.'; -- Name: COLUMN invitation.created_at; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.invitation.created_at IS '@omit create +COMMENT ON COLUMN maevsi.invitation.created_at IS '@omit create,update Timestamp of when the invitation was created, defaults to the current timestamp.'; diff --git a/src/deploy/table_account_preference_event_size.sql b/src/deploy/table_account_preference_event_size.sql index 5f05fd81..a1ff33a3 100644 --- a/src/deploy/table_account_preference_event_size.sql +++ b/src/deploy/table_account_preference_event_size.sql @@ -10,7 +10,7 @@ CREATE TABLE maevsi.account_preference_event_size ( ); COMMENT ON TABLE maevsi.account_preference_event_size IS 'Table for the user accounts'' preferred event sizes (M:N relationship).'; -COMMENT ON COLUMN maevsi.account_preference_event_size.created_at IS E'@omit create\nTimestamp of when the event size preference was created, defaults to the current timestamp.'; +COMMENT ON COLUMN maevsi.account_preference_event_size.created_at IS E'@omit create,update\nTimestamp of when the event size preference was created, defaults to the current timestamp.'; COMMENT ON COLUMN maevsi.account_preference_event_size.account_id IS 'The account''s internal id.'; COMMENT ON COLUMN maevsi.account_preference_event_size.event_size IS 'A preferred event sized'; diff --git a/src/deploy/table_contact.sql b/src/deploy/table_contact.sql index c1d4da88..ea294320 100644 --- a/src/deploy/table_contact.sql +++ b/src/deploy/table_contact.sql 
@@ -22,7 +22,7 @@ CREATE TABLE maevsi.contact ( COMMENT ON TABLE maevsi.contact IS 'Contact data.'; COMMENT ON COLUMN maevsi.contact.id IS E'@omit create,update\nThe contact''s internal id.'; -COMMENT ON COLUMN maevsi.contact.created_at IS E'@omit create\nTimestamp of when the contact was created, defaults to the current timestamp.'; +COMMENT ON COLUMN maevsi.contact.created_at IS E'@omit create,update\nTimestamp of when the contact was created, defaults to the current timestamp.'; COMMENT ON COLUMN maevsi.contact.account_id IS 'The contact account''s id.'; COMMENT ON COLUMN maevsi.contact.address IS 'The contact''s physical address.'; COMMENT ON COLUMN maevsi.contact.author_account_id IS 'The contact author''s id.'; diff --git a/src/deploy/table_event.sql b/src/deploy/table_event.sql index 4a3f11cf..8c219528 100644 --- a/src/deploy/table_event.sql +++ b/src/deploy/table_event.sql @@ -23,7 +23,7 @@ CREATE TABLE maevsi.event ( COMMENT ON TABLE maevsi.event IS 'An event.'; COMMENT ON COLUMN maevsi.event.id IS E'@omit create,update\nThe event''s internal id.'; -COMMENT ON COLUMN maevsi.event.created_at IS E'@omit create\nTimestamp of when the event was created, defaults to the current timestamp.'; +COMMENT ON COLUMN maevsi.event.created_at IS E'@omit create,update\nTimestamp of when the event was created, defaults to the current timestamp.'; COMMENT ON COLUMN maevsi.event.author_account_id IS 'The event author''s id.'; COMMENT ON COLUMN maevsi.event.description IS 'The event''s description.'; COMMENT ON COLUMN maevsi.event.end IS 'The event''s end date and time, with timezone.'; diff --git a/src/deploy/table_event_group.sql b/src/deploy/table_event_group.sql index 4b8cb124..d730c314 100644 --- a/src/deploy/table_event_group.sql +++ b/src/deploy/table_event_group.sql 
@@ -14,7 +14,7 @@ CREATE TABLE maevsi.event_group ( COMMENT ON TABLE maevsi.event_group IS 'A group of events.'; COMMENT ON COLUMN maevsi.event_group.id IS E'@omit create,update\nThe event group''s internal id.'; -COMMENT ON COLUMN maevsi.event_group.created_at IS E'@omit create\nTimestamp of when the event group was created, defaults to the current timestamp.'; +COMMENT ON COLUMN maevsi.event_group.created_at IS E'@omit create,update\nTimestamp of when the event group was created, defaults to the current timestamp.'; COMMENT ON COLUMN maevsi.event_group.author_account_id IS 'The event group author''s id.'; COMMENT ON COLUMN maevsi.event_group.description IS 'The event group''s description.'; COMMENT ON COLUMN maevsi.event_group.is_archived IS 'Indicates whether the event group is archived.'; diff --git a/src/deploy/table_invitation.sql b/src/deploy/table_invitation.sql index cf0f61a0..797ad560 100644 --- a/src/deploy/table_invitation.sql +++ b/src/deploy/table_invitation.sql @@ -14,7 +14,7 @@ CREATE TABLE maevsi.invitation ( COMMENT ON TABLE maevsi.invitation IS 'An invitation for a contact. A bidirectional mapping between an event and a contact.'; COMMENT ON COLUMN maevsi.invitation.id IS E'@omit create,update\nThe invitations''s internal id.'; -COMMENT ON COLUMN maevsi.invitation.created_at IS E'@omit create\nTimestamp of when the invitation was created, defaults to the current timestamp.'; +COMMENT ON COLUMN maevsi.invitation.created_at IS E'@omit create,update\nTimestamp of when the invitation was created, defaults to the current timestamp.'; COMMENT ON COLUMN maevsi.invitation.contact_id IS 'The contact''s internal id for which the invitation is valid.'; COMMENT ON COLUMN maevsi.invitation.event_id IS 'The event''s internal id for which the invitation is valid.'; COMMENT ON COLUMN maevsi.invitation.feedback IS 'The invitation''s general feedback status.'; diff --git a/src/deploy/table_upload.sql b/src/deploy/table_upload.sql index de1c4ab0..c3a45ee2 100644 
--- a/src/deploy/table_upload.sql +++ b/src/deploy/table_upload.sql @@ -11,7 +11,7 @@ CREATE TABLE maevsi.upload ( COMMENT ON TABLE maevsi.upload IS 'An upload.'; COMMENT ON COLUMN maevsi.upload.id IS E'@omit create,update\nThe upload''s internal id.'; -COMMENT ON COLUMN maevsi.upload.created_at IS E'@omit create\nTimestamp of when the upload was created, defaults to the current timestamp.'; +COMMENT ON COLUMN maevsi.upload.created_at IS E'@omit create,update\nTimestamp of when the upload was created, defaults to the current timestamp.'; COMMENT ON COLUMN maevsi.upload.account_id IS 'The uploader''s account id.'; COMMENT ON COLUMN maevsi.upload.size_byte IS 'The upload''s size in bytes.'; COMMENT ON COLUMN maevsi.upload.storage_key IS 'The upload''s storage key.'; From 846ccb5c96d266ae68cec7433891750f6677caba Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 12 Dec 2024 06:23:43 +0000 Subject: [PATCH 079/105] chore(release): 4.5.1 [skip ci] ## [4.5.1](https://github.com/maevsi/sqitch/compare/4.5.0...4.5.1) (2024-12-12) ### Bug Fixes * **legal-term-acceptance:** omit update and delete ([555e031](https://github.com/maevsi/sqitch/commit/555e031c96e3a83ae41e3b03dd5c2de72e51780f)) * omit update for creation timestamps ([084ad1e](https://github.com/maevsi/sqitch/commit/084ad1e7f89dfcfd890fde76f3d5baa9dffe1cd8)) --- CHANGELOG.md | 7 +++++++ package.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 448ce0ff..1d2ee60b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,10 @@ +## [4.5.1](https://github.com/maevsi/sqitch/compare/4.5.0...4.5.1) (2024-12-12) + +### Bug Fixes + +* **legal-term-acceptance:** omit update and delete ([555e031](https://github.com/maevsi/sqitch/commit/555e031c96e3a83ae41e3b03dd5c2de72e51780f)) +* omit update for creation timestamps ([084ad1e](https://github.com/maevsi/sqitch/commit/084ad1e7f89dfcfd890fde76f3d5baa9dffe1cd8)) + ## [4.5.0](https://github.com/maevsi/sqitch/compare/4.4.0...4.5.0) (2024-12-12) ### Features diff --git a/package.json b/package.json index f8d421ed..6e069748 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.5.0", + "version": "4.5.1", "private": true, "engines": { "node": "22" From be9f280b1734fe09f1713cf180cc9c7f44dbf620 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Thu, 12 Dec 2024 07:43:04 +0100 Subject: [PATCH 080/105] test(dx): add command to seed data for development Resolves https://github.com/maevsi/sqitch/issues/16 --- README.md | 2 + test/data.patch | 237 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 239 insertions(+) create mode 100644 test/data.patch diff --git a/README.md b/README.md index 8862a933..d28facd2 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,8 @@ For example, run `./sqitch deploy` to fill the database with structure like tabl In case you want to be able to simple call `sqitch deploy` without `./` instead, add an `alias sqitch="./sqitch"` to your shell configuration (`~/.bashrc`, `~/.zshrc`, ...). +The `test` directory contains the `data.patch` file that can be applied by running `git apply data.patch` to add basic test data to your working directory. + ## Database Diagram This diagram shows the structure of maevsi's database. diff --git a/test/data.patch b/test/data.patch new file mode 100644 index 00000000..3e7a2ca7 --- /dev/null +++ b/test/data.patch 
@@ -0,0 +1,237 @@ +diff --git a/src/deploy/data_test.sql b/src/deploy/data_test.sql +new file mode 100644 +index 0000000..5276242 +--- /dev/null ++++ b/src/deploy/data_test.sql +@@ -0,0 +1,191 @@ ++-- Deploy maevsi:data_test to pg ++BEGIN; ++ ++DO $$ ++DECLARE _account_id_jonas UUID; ++ ++_account_id_peter UUID; ++ ++_contact_id_jonas UUID; ++ ++_contact_id_peter UUID; ++ ++BEGIN ++SELECT maevsi.account_registration( ++ 'jonas', ++ 'mail+sqitch-1@maev.si', ++ 'testtest', ++ 'en' ++ ) INTO _account_id_jonas; ++ ++PERFORM maevsi.account_email_address_verification( ++ ( ++ SELECT email_address_verification ++ FROM maevsi_private.account ++ WHERE id = _account_id_jonas ++ ) ++); ++ ++SELECT maevsi.account_registration( ++ 'peter', ++ 'mail+sqitch-2@maev.si', ++ 'testtest', ++ 'de' ++ ) INTO _account_id_peter; ++ ++SELECT id ++FROM maevsi.contact ++WHERE account_id = _account_id_jonas ++ AND author_account_id = _account_id_jonas INTO _contact_id_jonas; ++ ++SELECT id ++FROM maevsi.contact ++WHERE account_id = _account_id_peter ++ AND author_account_id = _account_id_peter INTO _contact_id_peter; ++ ++INSERT INTO maevsi.contact ( ++ "id", ++ "address", ++ "email_address", ++ "first_name", ++ "last_name", ++ "author_account_id" ++ ) ++VALUES ( ++ '59462df6-10a9-11ea-bf8e-0f50c4d91a5a', ++ e'A B\n12345 D', ++ 'mail+sqitch-3@maev.si', ++ 'Max', ++ 'Mustermann', ++ _account_id_jonas ++ ); ++ ++INSERT INTO maevsi.event ( ++ "id", ++ "name", ++ "slug", ++ "visibility", ++ "invitee_count_maximum", ++ "author_account_id", ++ "description", ++ "start", ++ "end" ++ ) ++VALUES ( ++ '59462df6-10a9-11ea-bf8e-0f50c4d91a6a', ++ 'Limited', ++ 'limited', ++ 'public', ++ 2, ++ _account_id_jonas, ++ 'Event with limited capacity.', ++ '2020-11-23 02:00:00.000000+00', ++ '2020-11-23 09:00:00.000000+00' ++ ); ++ ++INSERT INTO maevsi.event ( ++ "id", ++ "name", ++ "slug", ++ "visibility", ++ "author_account_id", ++ "start", ++ "end" ++ ) ++VALUES ( ++ '59462df6-10a9-11ea-bf8e-0f50c4d91a6b', ++ 
'Foreign Invited', ++ 'foreign-invited', ++ 'public', ++ _account_id_peter, ++ '2020-11-27 03:54:29.090009+00', ++ '2020-11-27 05:56:23.090009+00' ++ ); ++ ++INSERT INTO maevsi.event ( ++ "id", ++ "name", ++ "slug", ++ "visibility", ++ "author_account_id", ++ "start", ++ "end" ++ ) ++VALUES ( ++ '59462df6-10a9-11ea-bf8e-0f50c4d91a6c', ++ 'Foreign Uninvited', ++ 'foreign-uninvited', ++ 'public', ++ _account_id_peter, ++ '2020-11-27 03:54:29.090009+00', ++ '2020-11-27 05:56:23.090009+00' ++ ); ++ ++INSERT INTO maevsi.event ( ++ "id", ++ "name", ++ "slug", ++ "visibility", ++ "author_account_id", ++ "description", ++ "location", ++ "start" ++ ) ++VALUES ( ++ '59462df6-10a9-11ea-bf8e-0f50c4d91a6d', ++ 'Private Party', ++ 'e2', ++ 'private', ++ _account_id_jonas, ++ 'Offices parties lasting outward nothing age few resolve. Impression to discretion understood to we interested he excellence. Him remarkably use projection collecting. Going about eat forty world has round miles. Attention affection at my preferred offending shameless me if agreeable. Life lain held calm and true neat she. Much feet each so went no from. 
Truth began maids linen an mr to after.', ++ 'Schutz- und Grillhütte Frommershausen, 34246 Vellmar', ++ '2019-11-27 03:54:29.090009+00' ++ ); ++ ++INSERT INTO maevsi.invitation ( ++ "id", ++ "event_id", ++ "contact_id", ++ "feedback", ++ "feedback_paper" ++ ) ++VALUES ( ++ '59462df6-10a9-11ea-bf8e-0f50c4d91a7a', ++ '59462df6-10a9-11ea-bf8e-0f50c4d91a6a', ++ '59462df6-10a9-11ea-bf8e-0f50c4d91a5a', ++ 'accepted', ++ 'paper' ++ ); ++ ++INSERT INTO maevsi.invitation ( ++ "id", ++ "event_id", ++ "contact_id", ++ "feedback", ++ "feedback_paper" ++ ) ++VALUES ( ++ '59462df6-10a9-11ea-bf8e-0f50c4d91a7b', ++ '59462df6-10a9-11ea-bf8e-0f50c4d91a6d', ++ '59462df6-10a9-11ea-bf8e-0f50c4d91a5a', ++ 'canceled', ++ 'digital' ++ ); ++ ++INSERT INTO maevsi.invitation ("id", "event_id", "contact_id") ++VALUES ( ++ '59462df6-10a9-11ea-bf8e-0f50c4d91a7c', ++ '59462df6-10a9-11ea-bf8e-0f50c4d91a6b', ++ _contact_id_jonas ++ ); ++ ++INSERT INTO maevsi.invitation ("id", "event_id", "contact_id") ++VALUES ( ++ '59462df6-10a9-11ea-bf8e-0f50c4d91a7d', ++ '59462df6-10a9-11ea-bf8e-0f50c4d91a6a', ++ _contact_id_peter ++ ); ++ ++END $$; ++ ++COMMIT; +diff --git a/src/revert/data_test.sql b/src/revert/data_test.sql +new file mode 100644 +index 0000000..50ae98c +--- /dev/null ++++ b/src/revert/data_test.sql +@@ -0,0 +1,12 @@ ++-- Revert maevsi:data_test from pg ++ ++BEGIN; ++ ++DELETE FROM maevsi.profile_picture; ++DELETE FROM maevsi.upload; ++DELETE FROM maevsi.invitation; ++DELETE FROM maevsi.event; ++DELETE FROM maevsi.contact; ++DELETE FROM maevsi_private.account; ++ ++COMMIT; +diff --git a/src/sqitch.plan b/src/sqitch.plan +index 8419403..ed1309a 100644 +--- a/src/sqitch.plan ++++ b/src/sqitch.plan +@@ -76,3 +76,4 @@ table_account_social_network_policy [schema_public table_account_social_network + enum_event_size [schema_public] 1970-01-01T00:00:00Z Sven Thelemann # Possible event sizes: small, medium, large, huge. 
+ table_account_preference_event_size [schema_public table_account_public enum_event_size] 1970-01-01T00:00:00Z Sven Thelemann # Table for the user accounts' preferred event sizes (M:N relationship). + table_account_preference_event_size_policy [schema_public table_account_preference_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. ++data_test 1970-01-01T00:00:00Z Jonas Thelemann # Add test data. +diff --git a/src/verify/data_test.sql b/src/verify/data_test.sql +new file mode 100644 +index 0000000..274d00b +--- /dev/null ++++ b/src/verify/data_test.sql +@@ -0,0 +1,7 @@ ++-- Verify maevsi:data_test on pg ++ ++BEGIN; ++ ++ ++ ++ROLLBACK; From e3432fb35ae4c300e4a5e86427927dea5d31babc Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 12 Dec 2024 08:31:05 +0000 Subject: [PATCH 081/105] chore(release): 4.6.0 [skip ci] ## [4.6.0](https://github.com/maevsi/sqitch/compare/4.5.1...4.6.0) (2024-12-12) ### Features * **invitation:** add update metadata ([f493fe4](https://github.com/maevsi/sqitch/commit/f493fe4d6c5e5127a0cad253768c864fcdfe296b)) --- CHANGELOG.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1d2ee60b..07cecb74 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## [4.6.0](https://github.com/maevsi/sqitch/compare/4.5.1...4.6.0) (2024-12-12) + +### Features + +* **invitation:** add update metadata ([f493fe4](https://github.com/maevsi/sqitch/commit/f493fe4d6c5e5127a0cad253768c864fcdfe296b)) + ## [4.5.1](https://github.com/maevsi/sqitch/compare/4.5.0...4.5.1) (2024-12-12) ### Bug Fixes diff --git a/package.json b/package.json index 6e069748..43bd6ee5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.5.1", + "version": "4.6.0", "private": true, "engines": { "node": "22" From 23eb8f4fbc169117e928c3b75a33635d7d970ff3 Mon Sep 17 00:00:00 2001 
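Review bot: The revert script inside `test/data.patch` runs `DELETE FROM maevsi_private.account;` and five other unfiltered deletes, so reverting `data_test` removes every account, contact, event, invitation, upload and profile picture in the database, not only the rows the deploy script seeded. Both seeded accounts are registered with the fixed password `testtest`, and the patch appends `data_test` to `sqitch.plan`, so applying it in a shared or reachable environment creates logins with known credentials. I would restrict each delete to the seeded rows, for example `DELETE FROM maevsi.event WHERE id IN (<seeded event ids>);`, and open `data_test.sql` with a header comment such as `-- Development seed data only: never deploy to a shared or production database.`. The verify script is an empty `BEGIN; … ROLLBACK;` and could at least select one seeded row.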
From: Sven Thelemann Date: Thu, 12 Dec 2024 10:13:07 +0100 Subject: [PATCH 082/105] feat(event_upload): adjust policies. The policy for selecting from table event_update has been modified. Some minor adjustments to column comments for the same table. --- schema/schema.definition.sql | 12 +++++++----- src/deploy/table_event_upload.sql | 6 +++--- src/deploy/table_event_upload_policy.sql | 8 ++++---- 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 4c5f29ef..dfd0f7f6 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -2002,21 +2002,24 @@ COMMENT ON TABLE maevsi.event_upload IS 'An assignment of an uploaded content (e -- Name: COLUMN event_upload.id; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.event_upload.id IS '@omit insert,update\nThe event''s internal id for which the invitation is valid.'; +COMMENT ON COLUMN maevsi.event_upload.id IS '@omit create,update +The event''s internal id for which the invitation is valid.'; -- -- Name: COLUMN event_upload.event_id; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.event_upload.event_id IS '@omit update,delete\nThe event''s internal id for which the invitation is valid.'; +COMMENT ON COLUMN maevsi.event_upload.event_id IS '@omit update,delete +The event''s internal id for which the invitation is valid.'; -- -- Name: COLUMN event_upload.upload_id; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.event_upload.upload_id IS '@omit update,delete\nThe internal id of the uploaded content.'; +COMMENT ON COLUMN maevsi.event_upload.upload_id IS '@omit update,delete +The internal id of the uploaded content.'; -- 
@@ -3958,8 +3961,7 @@ CREATE POLICY event_upload_insert ON maevsi.event_upload FOR INSERT WITH CHECK ( -- CREATE POLICY event_upload_select ON maevsi.event_upload FOR SELECT USING ((event_id IN ( SELECT event.id - FROM maevsi.event - WHERE (event.author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)))); + FROM maevsi.event))); -- diff --git a/src/deploy/table_event_upload.sql b/src/deploy/table_event_upload.sql index 9f13ac68..2c8702e2 100644 --- a/src/deploy/table_event_upload.sql +++ b/src/deploy/table_event_upload.sql @@ -10,8 +10,8 @@ CREATE TABLE maevsi.event_upload ( ); COMMENT ON TABLE maevsi.event_upload IS 'An assignment of an uploaded content (e.g. an image) to an event.'; -COMMENT ON COLUMN maevsi.event_upload.id IS '@omit insert,update\nThe event''s internal id for which the invitation is valid.'; -COMMENT ON COLUMN maevsi.event_upload.event_id IS '@omit update,delete\nThe event''s internal id for which the invitation is valid.'; -COMMENT ON COLUMN maevsi.event_upload.upload_id IS '@omit update,delete\nThe internal id of the uploaded content.'; +COMMENT ON COLUMN maevsi.event_upload.id IS E'@omit create,update\nThe event''s internal id for which the invitation is valid.'; +COMMENT ON COLUMN maevsi.event_upload.event_id IS E'@omit update,delete\nThe event''s internal id for which the invitation is valid.'; +COMMENT ON COLUMN maevsi.event_upload.upload_id IS E'@omit update,delete\nThe internal id of the uploaded content.'; END; diff --git a/src/deploy/table_event_upload_policy.sql b/src/deploy/table_event_upload_policy.sql index f0005c23..65e09ff2 100644 --- a/src/deploy/table_event_upload_policy.sql +++ b/src/deploy/table_event_upload_policy.sql 
@@ -7,15 +7,15 @@ GRANT INSERT, DELETE ON TABLE maevsi.event_upload TO maevsi_account; ALTER TABLE maevsi.event_upload ENABLE ROW LEVEL SECURITY; --- Only select rows with events authored by the current user. +-- Only select rows for accessable events where accessability is spcified +-- by the event_select policy for table event. CREATE POLICY event_upload_select ON maevsi.event_upload FOR SELECT USING ( event_id IN ( SELECT id FROM maevsi.event - WHERE author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID ) ); --- Only allow inserts for events authored by the current user und uploads of the current_user0. +-- Only allow inserts for events authored by the current user and for uploads of the current_user0. CREATE POLICY event_upload_insert ON maevsi.event_upload FOR INSERT WITH CHECK ( event_id IN ( SELECT id FROM maevsi.event @@ -28,7 +28,7 @@ CREATE POLICY event_upload_insert ON maevsi.event_upload FOR INSERT WITH CHECK ( ) ); --- Only allow deletes if events is authored by the current user und uploads of the current_user. +-- Only allow deletes if event is authored by the current user. CREATE POLICY event_upload_delete ON maevsi.event_upload FOR DELETE USING ( event_id IN ( SELECT id FROM maevsi.event From 6ac75ac03d73bdf6daed20e3bf47668fe9a45e22 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Thu, 12 Dec 2024 09:51:44 +0100 Subject: [PATCH 083/105] fix(invitation-flat): work in feedback --- schema/schema.definition.sql | 22 ++++++++---- src/deploy/view_invitation_flat.sql | 54 +++++++++++++++++++---------- src/revert/view_invitation_flat.sql | 2 -- src/sqitch.plan | 2 +- src/verify/view_invitation_flat.sql | 39 +++++++++++++++------ 5 files changed, 81 insertions(+), 38 deletions(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index f1da8341..a26fa357 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
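Review bot: With the `WHERE author_account_id = …` filter removed, `event_upload_select` is just `event_id IN (SELECT id FROM maevsi.event)`, which restricts anything only because row-level security on `maevsi.event` filters the sub-select for the calling role. For a role that is not subject to that policy (the table owner, a `BYPASSRLS` role, or a `SECURITY DEFINER` function owned by one) the condition matches every upload whose event exists, and any later widening of `event_select` silently widens upload visibility too. I would state the dependency precisely in the comment, `-- Visibility is delegated to the event_select policy: the sub-select on maevsi.event is filtered by row-level security for the calling role.`, and cover it with a test that a second account cannot read uploads attached to another account's private event. The comment lines in this hunk also contain the typos "accessable", "spcified" and "current_user0". The regenerated policy in `schema/schema.definition.sql` carries the same change.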
@@ -2024,12 +2024,13 @@ COMMENT ON COLUMN maevsi.invitation.feedback_paper IS 'The invitation''s paper f -- Name: invitation_flat; Type: VIEW; Schema: maevsi; Owner: postgres -- -CREATE VIEW maevsi.invitation_flat AS - SELECT i.id, - i.contact_id, - i.event_id, - i.feedback, - i.feedback_paper, +CREATE VIEW maevsi.invitation_flat WITH (security_invoker='true') AS + SELECT i.id AS invitation_id, + i.contact_id AS invitation_contact_id, + i.event_id AS invitation_event_id, + i.feedback AS invitation_feedback, + i.feedback_paper AS invitation_feedback_paper, + c.id AS contact_id, c.account_id AS contact_account_id, c.address AS contact_address, c.author_account_id AS contact_author_account_id, @@ -2039,6 +2040,7 @@ CREATE VIEW maevsi.invitation_flat AS c.last_name AS contact_last_name, c.phone_number AS contact_phone_number, c.url AS contact_url, + e.id AS event_id, e.author_account_id AS event_author_account_id, e.description AS event_description, e.start AS event_start, @@ -4639,6 +4641,14 @@ GRANT SELECT,INSERT,DELETE,UPDATE ON TABLE maevsi.invitation TO maevsi_account; GRANT SELECT,UPDATE ON TABLE maevsi.invitation TO maevsi_anonymous; +-- +-- Name: TABLE invitation_flat; Type: ACL; Schema: maevsi; Owner: postgres +-- + +GRANT SELECT ON TABLE maevsi.invitation_flat TO maevsi_account; +GRANT SELECT ON TABLE maevsi.invitation_flat TO maevsi_anonymous; + + -- -- Name: TABLE legal_term; Type: ACL; Schema: maevsi; Owner: postgres -- diff --git a/src/deploy/view_invitation_flat.sql b/src/deploy/view_invitation_flat.sql index b0b88cfa..ecbe5a30 100644 --- a/src/deploy/view_invitation_flat.sql +++ b/src/deploy/view_invitation_flat.sql 
@@ -1,26 +1,42 @@ --- Deploy maevsi:view_invitation_flat to pg --- requires: schema_public --- requires: table_invitation --- requires: table_contact - BEGIN; -CREATE VIEW maevsi.invitation_flat AS -SELECT i.*, - c.account_id as contact_account_id, c.address as contact_address, - c.author_account_id as contact_author_account_id, - c.email_address as contact_email_address, c.email_address_hash as contact_email_address_hash, - c.first_name as contact_first_name , c.last_name as contact_last_name, - c.phone_number as contact_phone_number, c.url as contact_url, - e.author_account_id as event_author_account_id, e.description as event_description, - e.start as event_start, e.end event_end, e.invitee_count_maximum as event_invitee_count_maximum, - e.is_archived as event_is_archived, e.is_in_person as event_is_in_person, e.is_remote as event_is_remote, - e.location as event_location, e.name as event_name, e.slug as event_slug, e.url as event_url, - e.visibility as event_visibility +CREATE VIEW maevsi.invitation_flat +WITH (security_invoker) +AS SELECT + i.id AS invitation_id, + i.contact_id AS invitation_contact_id, + i.event_id AS invitation_event_id, + i.feedback AS invitation_feedback, + i.feedback_paper AS invitation_feedback_paper, + c.id AS contact_id, + c.account_id AS contact_account_id, + c.address AS contact_address, + c.author_account_id AS contact_author_account_id, + c.email_address AS contact_email_address, + c.email_address_hash AS contact_email_address_hash, + c.first_name AS contact_first_name , + c.last_name AS contact_last_name, + c.phone_number AS contact_phone_number, + c.url AS contact_url, + e.id AS event_id, + e.author_account_id AS event_author_account_id, + e.description AS event_description, + e.start AS event_start, + e.end AS event_end, + e.invitee_count_maximum AS event_invitee_count_maximum, + e.is_archived AS event_is_archived, + e.is_in_person AS event_is_in_person, + e.is_remote AS event_is_remote, + e.location AS event_location, + e.name 
AS event_name, + e.slug AS event_slug, + e.url AS event_url, + e.visibility AS event_visibility FROM maevsi.invitation i JOIN maevsi.contact c ON i.contact_id = c.id - JOIN maevsi.event e ON i.event_id = e.id -; + JOIN maevsi.event e ON i.event_id = e.id; COMMENT ON VIEW maevsi.invitation_flat IS 'View returning flattened invitations.'; +GRANT SELECT ON maevsi.invitation_flat TO maevsi_account, maevsi_anonymous; + END; diff --git a/src/revert/view_invitation_flat.sql b/src/revert/view_invitation_flat.sql index 6c24164e..3906ba4b 100644 --- a/src/revert/view_invitation_flat.sql +++ b/src/revert/view_invitation_flat.sql @@ -1,5 +1,3 @@ --- Revert maevsi:view_invitation_flat from pg - BEGIN; DROP VIEW maevsi.invitation_flat; diff --git a/src/sqitch.plan b/src/sqitch.plan index b91aa5d5..2495620e 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan @@ -75,4 +75,4 @@ table_account_social_network_policy [schema_public table_account_social_network enum_event_size [schema_public] 1970-01-01T00:00:00Z Sven Thelemann # Possible event sizes: small, medium, large, huge. table_account_preference_event_size [schema_public table_account_public enum_event_size] 1970-01-01T00:00:00Z Sven Thelemann # Table for the user accounts' preferred event sizes (M:N relationship). table_account_preference_event_size_policy [schema_public table_account_preference_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. -view_invitation_flat [schema_public table_invitation table_contact role_account] 1970-01-01T00:00:00Z Sven Thelemann # View returning flattened invitations +view_invitation_flat [schema_public table_invitation table_contact table_event role_account role_anonymous] 1970-01-01T00:00:00Z Sven Thelemann # View returning flattened invitations. diff --git a/src/verify/view_invitation_flat.sql b/src/verify/view_invitation_flat.sql index 905c17c6..1eadd915 100644 --- a/src/verify/view_invitation_flat.sql 
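Review bot: `GRANT SELECT ON maevsi.invitation_flat TO maevsi_account, maevsi_anonymous` exposes the contact e-mail address, phone number and address columns through the view, and the only thing filtering rows is `WITH (security_invoker)` together with the RLS policies on `maevsi.invitation`, `maevsi.contact` and `maevsi.event`. That option exists from PostgreSQL 15 on, so an older server rejects the statement rather than silently creating an owner-privileged view, but nothing in the script says why the option is there. I would add a comment above the view such as `-- security_invoker: rows are filtered by the caller's RLS on invitation, contact and event; do not remove.` The script also closes with `END;` where the other deploy scripts on this page use `COMMIT;`.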
+++ b/src/verify/view_invitation_flat.sql @@ -1,16 +1,35 @@ --- Verify maevsi:view_invitation_flat on pg - BEGIN; SELECT - id, contact_id, event_id, feedback, feedback_paper, - contact_account_id, contact_address, contact_author_account_id, - contact_email_address, contact_email_address_hash, - contact_first_name, contact_last_name, contact_phone_number, contact_url, - event_author_account_id, event_description, - event_start, event_end, event_invitee_count_maximum, - event_is_archived, event_is_in_person, event_is_remote, - event_location, event_name, event_slug, event_url, event_visibility + invitation_id, + invitation_contact_id, + invitation_event_id, + invitation_feedback, + invitation_feedback_paper, + contact_id, + contact_account_id, + contact_address, + contact_author_account_id, + contact_email_address, + contact_email_address_hash, + contact_first_name, + contact_last_name, + contact_phone_number, + contact_url, + event_id, + event_author_account_id, + event_description, + event_start, + event_end, + event_invitee_count_maximum, + event_is_archived, + event_is_in_person, + event_is_remote, + event_location, + event_name, + event_slug, + event_url, + event_visibility FROM maevsi.invitation_flat WHERE FALSE; ROLLBACK; From 65a83957cf7f40f3d775c05c18edcf0de2658a48 Mon Sep 17 00:00:00 2001 
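Review bot: The verify query checks only that the renamed columns exist (`WHERE FALSE`), so a redeploy that loses `security_invoker` on the view would still verify cleanly while the view then runs with its owner's privileges. Since the view is granted to `maevsi_anonymous`, I would assert the option here as well, for example `SELECT 1 / COUNT(*) FROM pg_class WHERE oid = 'maevsi.invitation_flat'::regclass AND 'security_invoker=true' = ANY (reloptions);`, which raises a division-by-zero error when the option is missing.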
From: semantic-release-bot Date: Thu, 12 Dec 2024 09:44:06 +0000 Subject: [PATCH 084/105] chore(release): 4.7.0 [skip ci] ## [4.7.0](https://github.com/maevsi/sqitch/compare/4.6.0...4.7.0) (2024-12-12) ### Features * **invitation:** column names prefixed ([2e29431](https://github.com/maevsi/sqitch/commit/2e294319a7b651deb1b472953ebb3ee770c5a5c6)) * **invitation:** provide flattened invitations ([119b0dd](https://github.com/maevsi/sqitch/commit/119b0dd3c7337db9688a78778eb8a9484e6d3785)) ### Bug Fixes * **invitation-flat:** work in feedback ([6ac75ac](https://github.com/maevsi/sqitch/commit/6ac75ac03d73bdf6daed20e3bf47668fe9a45e22)) --- CHANGELOG.md | 11 +++++++++++ package.json | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 07cecb74..dbcf7112 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +## [4.7.0](https://github.com/maevsi/sqitch/compare/4.6.0...4.7.0) (2024-12-12) + +### Features + +* **invitation:** column names prefixed ([2e29431](https://github.com/maevsi/sqitch/commit/2e294319a7b651deb1b472953ebb3ee770c5a5c6)) +* **invitation:** provide flattened invitations ([119b0dd](https://github.com/maevsi/sqitch/commit/119b0dd3c7337db9688a78778eb8a9484e6d3785)) + +### Bug Fixes + +* **invitation-flat:** work in feedback ([6ac75ac](https://github.com/maevsi/sqitch/commit/6ac75ac03d73bdf6daed20e3bf47668fe9a45e22)) + ## [4.6.0](https://github.com/maevsi/sqitch/compare/4.5.1...4.6.0) (2024-12-12) ### Features diff --git a/package.json b/package.json index 43bd6ee5..7dc0f0ae 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.6.0", + "version": "4.7.0", "private": true, "engines": { "node": "22" From 678ddfce330171ab340bd112f2734d1ab304559b Mon Sep 17 00:00:00 2001 
From: Jonas Thelemann Date: Thu, 12 Dec 2024 10:58:05 +0100 Subject: [PATCH 085/105] fix(event-upload): work in feedback --- schema/schema.definition.sql | 25 ++++++++++++------------ src/deploy/table_event_upload.sql | 8 ++++---- src/deploy/table_event_upload_policy.sql | 6 ++---- src/deploy/table_upload.sql | 9 +++++---- src/revert/table_event_upload.sql | 2 -- src/revert/table_event_upload_policy.sql | 2 -- src/sqitch.plan | 4 ++-- src/verify/table_event_upload.sql | 3 --- src/verify/table_event_upload_policy.sql | 2 -- src/verify/table_upload.sql | 4 ++-- 10 files changed, 28 insertions(+), 37 deletions(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index dfd0f7f6..348a872e 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql @@ -1406,10 +1406,11 @@ COMMENT ON FUNCTION maevsi.trigger_invitation_update() IS 'Checks if the caller CREATE TABLE maevsi.upload ( id uuid DEFAULT gen_random_uuid() NOT NULL, account_id uuid NOT NULL, + name text, size_byte bigint NOT NULL, storage_key text, - file_name text, - file_type text DEFAULT 'image'::text NOT NULL, + type text DEFAULT 'image'::text NOT NULL, + CONSTRAINT upload_name_check CHECK (((char_length(name) > 0) AND (char_length(name) < 300))), CONSTRAINT upload_size_byte_check CHECK ((size_byte > 0)) ); 
@@ -1439,31 +1440,31 @@ COMMENT ON COLUMN maevsi.upload.account_id IS 'The uploader''s account id.'; -- --- Name: COLUMN upload.size_byte; Type: COMMENT; Schema: maevsi; Owner: postgres +-- Name: COLUMN upload.name; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.upload.size_byte IS 'The upload''s size in bytes.'; +COMMENT ON COLUMN maevsi.upload.name IS 'The name of the uploaded file.'; -- --- Name: COLUMN upload.storage_key; Type: COMMENT; Schema: maevsi; Owner: postgres +-- Name: COLUMN upload.size_byte; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.upload.storage_key IS 'The upload''s storage key.'; +COMMENT ON COLUMN maevsi.upload.size_byte IS 'The upload''s size in bytes.'; -- --- Name: COLUMN upload.file_name; Type: COMMENT; Schema: maevsi; Owner: postgres +-- Name: COLUMN upload.storage_key; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.upload.file_name IS 'The name of the uploaded file.'; +COMMENT ON COLUMN maevsi.upload.storage_key IS 'The upload''s storage key.'; -- --- Name: COLUMN upload.file_type; Type: COMMENT; Schema: maevsi; Owner: postgres +-- Name: COLUMN upload.type; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.upload.file_type IS 'The type of the uploaded file, default is ''image''.'; +COMMENT ON COLUMN maevsi.upload.type IS 'The type of the uploaded file, default is ''image''.'; -- @@ -2010,7 +2011,7 @@ The event''s internal id for which the invitation is valid.'; -- Name: COLUMN event_upload.event_id; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.event_upload.event_id IS '@omit update,delete +COMMENT ON COLUMN maevsi.event_upload.event_id IS '@omit update The event''s internal id for which the invitation is valid.'; 
@@ -2018,7 +2019,7 @@ The event''s internal id for which the invitation is valid.'; -- Name: COLUMN event_upload.upload_id; Type: COMMENT; Schema: maevsi; Owner: postgres -- -COMMENT ON COLUMN maevsi.event_upload.upload_id IS '@omit update,delete +COMMENT ON COLUMN maevsi.event_upload.upload_id IS '@omit update The internal id of the uploaded content.'; diff --git a/src/deploy/table_event_upload.sql b/src/deploy/table_event_upload.sql index 2c8702e2..cda1380d 100644 --- a/src/deploy/table_event_upload.sql +++ b/src/deploy/table_event_upload.sql @@ -1,17 +1,17 @@ --- Deploy maevsi:table_event_upload to pg - BEGIN; CREATE TABLE maevsi.event_upload ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + event_id UUID NOT NULL REFERENCES maevsi.event(id), upload_id UUID NOT NULL REFERENCES maevsi.upload(id), + UNIQUE (event_id, upload_id) ); COMMENT ON TABLE maevsi.event_upload IS 'An assignment of an uploaded content (e.g. an image) to an event.'; COMMENT ON COLUMN maevsi.event_upload.id IS E'@omit create,update\nThe event''s internal id for which the invitation is valid.'; -COMMENT ON COLUMN maevsi.event_upload.event_id IS E'@omit update,delete\nThe event''s internal id for which the invitation is valid.'; -COMMENT ON COLUMN maevsi.event_upload.upload_id IS E'@omit update,delete\nThe internal id of the uploaded content.'; +COMMENT ON COLUMN maevsi.event_upload.event_id IS E'@omit update\nThe event''s internal id for which the invitation is valid.'; +COMMENT ON COLUMN maevsi.event_upload.upload_id IS E'@omit update\nThe internal id of the uploaded content.'; END; diff --git a/src/deploy/table_event_upload_policy.sql b/src/deploy/table_event_upload_policy.sql index 65e09ff2..9f68d2b6 100644 --- a/src/deploy/table_event_upload_policy.sql +++ b/src/deploy/table_event_upload_policy.sql @@ -1,5 +1,3 @@ --- Deploy maevsi:table_event_upload_policy to pg - BEGIN; GRANT SELECT ON TABLE maevsi.event_upload TO maevsi_account, maevsi_anonymous; 
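Review bot: The column comments in `src/deploy/table_event_upload.sql` still carry text copied from the invitation table: both `event_upload.id` and `event_upload.event_id` are described as "the event's internal id for which the invitation is valid", including on the line this hunk rewrites. Because the `@omit` comments here appear to feed the generated API documentation, I would correct them while touching the lines, e.g. `COMMENT ON COLUMN maevsi.event_upload.id IS E'@omit create,update\nThe event upload''s internal id.';` and `COMMENT ON COLUMN maevsi.event_upload.event_id IS E'@omit update\nThe internal id of the event the upload is assigned to.';`. The same wording shows up in the `schema/schema.definition.sql` hunks, which would follow from regenerating the dump.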
@@ -7,7 +5,7 @@ GRANT INSERT, DELETE ON TABLE maevsi.event_upload TO maevsi_account; ALTER TABLE maevsi.event_upload ENABLE ROW LEVEL SECURITY; --- Only select rows for accessable events where accessability is spcified +-- Only select rows for accessable events where accessability is specified -- by the event_select policy for table event. CREATE POLICY event_upload_select ON maevsi.event_upload FOR SELECT USING ( event_id IN ( @@ -15,7 +13,7 @@ CREATE POLICY event_upload_select ON maevsi.event_upload FOR SELECT USING ( ) ); --- Only allow inserts for events authored by the current user and for uploads of the current_user0. +-- Only allow inserts for events authored by the current user and for uploads of the current_user. CREATE POLICY event_upload_insert ON maevsi.event_upload FOR INSERT WITH CHECK ( event_id IN ( SELECT id FROM maevsi.event diff --git a/src/deploy/table_upload.sql b/src/deploy/table_upload.sql index 2f83ff55..c50fd210 100644 --- a/src/deploy/table_upload.sql +++ b/src/deploy/table_upload.sql 
@@ -6,19 +6,20 @@ BEGIN; CREATE TABLE maevsi.upload ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + account_id UUID NOT NULL REFERENCES maevsi.account(id), + name TEXT CHECK (char_length("name") > 0 AND char_length("name") < 300), size_byte BIGINT NOT NULL CHECK (size_byte > 0), storage_key TEXT UNIQUE, - file_name TEXT, - file_type TEXT NOT NULL DEFAULT 'image' + type TEXT NOT NULL DEFAULT 'image' ); COMMENT ON TABLE maevsi.upload IS 'An upload.'; COMMENT ON COLUMN maevsi.upload.id IS E'@omit create,update\nThe upload''s internal id.'; COMMENT ON COLUMN maevsi.upload.account_id IS 'The uploader''s account id.'; +COMMENT ON COLUMN maevsi.upload.name IS 'The name of the uploaded file.'; COMMENT ON COLUMN maevsi.upload.size_byte IS 'The upload''s size in bytes.'; COMMENT ON COLUMN maevsi.upload.storage_key IS 'The upload''s storage key.'; -COMMENT ON COLUMN maevsi.upload.file_name IS 'The name of the uploaded file.'; -COMMENT ON COLUMN maevsi.upload.file_type IS 'The type of the uploaded file, default is ''image''.'; +COMMENT ON COLUMN maevsi.upload.type IS 'The type of the uploaded file, default is ''image''.'; COMMIT; diff --git a/src/revert/table_event_upload.sql b/src/revert/table_event_upload.sql index 4fea62e3..b8e71493 100644 --- a/src/revert/table_event_upload.sql +++ b/src/revert/table_event_upload.sql @@ -1,5 +1,3 @@ --- Revert maevsi:table_event_upload from pg - BEGIN; DROP TABLE maevsi.event_upload; diff --git a/src/revert/table_event_upload_policy.sql b/src/revert/table_event_upload_policy.sql index fd5fdc09..b88850a2 100644 --- a/src/revert/table_event_upload_policy.sql +++ b/src/revert/table_event_upload_policy.sql @@ -1,5 +1,3 @@ --- Revert maevsi:table_event_upload_policy to pg - BEGIN; DROP POLICY event_upload_select ON maevsi.event_upload; diff --git a/src/sqitch.plan b/src/sqitch.plan index 05c19fab..dc5ee4e2 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan 
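Review bot: The new `name` column is constrained only by length, and `type` remains free text with a default of `'image'`; both look like uploader-supplied values, although the insert path for `maevsi.upload` is not visible here. If `type` influences how the stored object is later handled or served, a CHECK limiting it to the supported values would keep arbitrary strings out, e.g. `type TEXT NOT NULL DEFAULT 'image' CHECK (type IN ('image'))`. I would also extend the column comment on `name` to say that it is untrusted display text and must not be used to build storage paths, since `storage_key` is the column meant for that.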
@@ -75,5 +75,5 @@ table_account_social_network_policy [schema_public table_account_social_network enum_event_size [schema_public] 1970-01-01T00:00:00Z Sven Thelemann # Possible event sizes: small, medium, large, huge. table_account_preference_event_size [schema_public table_account_public enum_event_size] 1970-01-01T00:00:00Z Sven Thelemann # Table for the user accounts' preferred event sizes (M:N relationship). table_account_preference_event_size_policy [schema_public table_account_preference_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. -table_event_upload [schema_public table_event table_upload] 1970-01-01T00:00:00Z JSven Thelemann # Add table event_upload. -table_event_upload_policy [schema_public table_event_upload table_event table_upload role_account role_anonymous] 1970-01-01T00:00:00Z JSven Thelemann # Grants and policies for table event_upload. +table_event_upload [schema_public table_event table_upload] 1970-01-01T00:00:00Z Sven Thelemann # Add table event_upload. +table_event_upload_policy [schema_public table_event_upload table_event table_upload role_account role_anonymous] 1970-01-01T00:00:00Z Sven Thelemann # Grants and policies for table event_upload. diff --git a/src/verify/table_event_upload.sql b/src/verify/table_event_upload.sql index 660bba4c..8845a723 100644 --- a/src/verify/table_event_upload.sql +++ b/src/verify/table_event_upload.sql @@ -1,9 +1,6 @@ --- Verify maevsi:table_event_upload on pg - BEGIN; SELECT id, event_id, upload_id FROM maevsi.event_upload WHERE FALSE; - diff --git a/src/verify/table_event_upload_policy.sql b/src/verify/table_event_upload_policy.sql index 9615eff9..3ee96242 100644 --- a/src/verify/table_event_upload_policy.sql +++ b/src/verify/table_event_upload_policy.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_event_upload_policy to pg - BEGIN; DO $$ diff --git a/src/verify/table_upload.sql b/src/verify/table_upload.sql index b0501695..f8887d4f 100644 
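Review bot: After this change `src/verify/table_event_upload.sql` opens a transaction with `BEGIN;` and, as far as the hunk shows (it appears to cover the whole six-line file), never closes it, whereas the other verify scripts on this page end with `ROLLBACK;`. The open transaction is discarded when the session ends, so the check still works, but I would add `ROLLBACK;` after the `SELECT` so the script is consistent with its siblings and leaves no transaction open when run inside a longer session.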
--- a/src/verify/table_upload.sql +++ b/src/verify/table_upload.sql @@ -4,10 +4,10 @@ BEGIN; SELECT id, account_id, + name, size_byte, storage_key, - file_name, - file_type + type FROM maevsi.upload WHERE FALSE; ROLLBACK; From f346097038348fb48bf016be714e938b8d77f90c Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 12 Dec 2024 10:33:42 +0000 Subject: [PATCH 086/105] chore(release): 4.8.0 [skip ci] ## [4.8.0](https://github.com/maevsi/sqitch/compare/4.7.0...4.8.0) (2024-12-12) ### Features * **event_upload:** adjust policies. ([23eb8f4](https://github.com/maevsi/sqitch/commit/23eb8f4fbc169117e928c3b75a33635d7d970ff3)) * **event:** assign images to events ([f4822f8](https://github.com/maevsi/sqitch/commit/f4822f8252089929dea47f3585737d49b19b7c30)) ### Bug Fixes * **event-upload:** work in feedback ([678ddfc](https://github.com/maevsi/sqitch/commit/678ddfce330171ab340bd112f2734d1ab304559b)) --- CHANGELOG.md | 11 +++++++++++ package.json | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dbcf7112..5873900b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +## [4.8.0](https://github.com/maevsi/sqitch/compare/4.7.0...4.8.0) (2024-12-12) + +### Features + +* **event_upload:** adjust policies. ([23eb8f4](https://github.com/maevsi/sqitch/commit/23eb8f4fbc169117e928c3b75a33635d7d970ff3)) +* **event:** assign images to events ([f4822f8](https://github.com/maevsi/sqitch/commit/f4822f8252089929dea47f3585737d49b19b7c30)) + +### Bug Fixes + +* **event-upload:** work in feedback ([678ddfc](https://github.com/maevsi/sqitch/commit/678ddfce330171ab340bd112f2734d1ab304559b)) + ## [4.7.0](https://github.com/maevsi/sqitch/compare/4.6.0...4.7.0) (2024-12-12) ### Features diff --git a/package.json b/package.json index 7dc0f0ae..34751ffe 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.7.0", + "version": "4.8.0", "private": true, "engines": { "node": "22" 
From c41c3b3a11f7954d6c6a7458c402f8631813a2a1 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Thu, 12 Dec 2024 12:01:22 +0100 Subject: [PATCH 087/105] refactor(session): add account id helper function --- schema/schema.definition.sql | 115 +++++++++++------- src/deploy/function_account_id.sql | 13 ++ src/deploy/function_achievement_unlock.sql | 2 +- .../function_event_invitee_count_maximum.sql | 4 +- src/deploy/function_event_unlock.sql | 2 +- src/deploy/function_events_invited.sql | 2 +- src/deploy/function_events_organized.sql | 2 +- ...e_account_preference_event_size_policy.sql | 6 +- .../table_account_social_network_policy.sql | 6 +- src/deploy/table_contact.sql | 6 +- src/deploy/table_contact_policy.sql | 20 +-- src/deploy/table_event_policy.sql | 12 +- src/deploy/table_event_upload_policy.sql | 6 +- src/deploy/table_invitation_policy.sql | 18 +-- src/deploy/table_legal_term_acceptance.sql | 8 +- src/deploy/table_profile_picture.sql | 12 +- src/deploy/table_report_policy.sql | 8 +- src/deploy/table_upload_policy.sql | 4 +- src/revert/function_account_id.sql | 5 + src/sqitch.plan | 33 ++--- src/verify/function_account_id.sql | 9 ++ 21 files changed, 176 insertions(+), 117 deletions(-) create mode 100644 src/deploy/function_account_id.sql create mode 100644 src/revert/function_account_id.sql create mode 100644 src/verify/function_account_id.sql diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 5b66fb99..f0c7a728 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
@@ -316,6 +316,28 @@ ALTER FUNCTION maevsi.account_email_address_verification(code uuid) OWNER TO pos COMMENT ON FUNCTION maevsi.account_email_address_verification(code uuid) IS 'Sets the account''s email address verification code to `NULL` for which the email address verification code equals the one passed and is up to date.'; +-- +-- Name: account_id(); Type: FUNCTION; Schema: maevsi; Owner: postgres +-- + +CREATE FUNCTION maevsi.account_id() RETURNS uuid + LANGUAGE plpgsql STABLE STRICT SECURITY DEFINER + AS $$ +BEGIN + RETURN NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID; +END; +$$; + + +ALTER FUNCTION maevsi.account_id() OWNER TO postgres; + +-- +-- Name: FUNCTION account_id(); Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON FUNCTION maevsi.account_id() IS 'Returns the session''s account id.'; + + -- -- Name: account_password_change(text, text); Type: FUNCTION; Schema: maevsi; Owner: postgres -- @@ -590,7 +612,7 @@ DECLARE _achievement maevsi.achievement_type; _achievement_id UUID; BEGIN - _account_id := NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID; + _account_id := maevsi.account_id(); SELECT achievement FROM maevsi_private.achievement_code @@ -910,9 +932,9 @@ BEGIN ) ) OR ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - "event".author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + "event".author_account_id = maevsi.account_id() ) OR "event".id IN (SELECT maevsi_private.events_invited()) ) 
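Review bot: The new `maevsi.account_id()` is declared `SECURITY DEFINER` and owned by `postgres`, although its body only reads the session setting `jwt.claims.account_id`, which the inline expression it replaces read with the caller's own rights. A definer function without a pinned `search_path` resolves names according to the caller's session, so I would either drop `SECURITY DEFINER` or add `SET search_path = pg_catalog, pg_temp` to the definition; `STRICT` has no effect on a function without arguments. This file is the generated schema dump, so the change belongs in `src/deploy/function_account_id.sql`, which is outside the visible part of the page.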
@@ -973,7 +995,7 @@ BEGIN _jwt_id := current_setting('jwt.claims.id', true)::UUID; _jwt := ( _jwt_id, - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID, -- prevent empty string cast to UUID + maevsi.account_id(), -- prevent empty string cast to UUID current_setting('jwt.claims.account_username', true)::TEXT, current_setting('jwt.claims.exp', true)::BIGINT, (SELECT ARRAY(SELECT DISTINCT UNNEST(maevsi.invitation_claim_array() || $1) ORDER BY 1)), @@ -1035,7 +1057,7 @@ CREATE FUNCTION maevsi.events_organized() RETURNS TABLE(event_id uuid) DECLARE account_id UUID; BEGIN - account_id := NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID; + account_id := maevsi.account_id(); RETURN QUERY SELECT id FROM maevsi.event @@ -1343,15 +1365,15 @@ CREATE FUNCTION maevsi.trigger_contact_update_account_id() RETURNS trigger BEGIN IF ( -- invoked without account it - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NULL + maevsi.account_id() IS NULL OR -- invoked with account it -- and ( -- updating own account's contact - OLD.account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + OLD.account_id = maevsi.account_id() AND - OLD.author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + OLD.author_account_id = maevsi.account_id() AND ( -- trying to detach from account @@ -1394,12 +1416,12 @@ BEGIN OLD.id = ANY (maevsi.invitation_claim_array()) OR ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND OLD.contact_id IN ( SELECT id FROM maevsi.contact - WHERE contact.account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + WHERE contact.account_id = maevsi.account_id() ) ) ) 
@@ -1414,7 +1436,7 @@ BEGIN RAISE 'You''re only allowed to alter these rows: %!', whitelisted_cols USING ERRCODE = 'insufficient_privilege'; ELSE NEW.updated_at = CURRENT_TIMESTAMP; - NEW.updated_by = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID; + NEW.updated_by = maevsi.account_id(); RETURN NEW; END IF; END $$; @@ -1616,7 +1638,7 @@ CREATE FUNCTION maevsi_private.events_invited() RETURNS TABLE(event_id uuid) DECLARE jwt_account_id UUID; BEGIN - jwt_account_id := NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID; + jwt_account_id := maevsi.account_id(); RETURN QUERY SELECT invitation.event_id FROM maevsi.invitation 
@@ -3969,21 +3991,21 @@ ALTER TABLE maevsi.account_preference_event_size ENABLE ROW LEVEL SECURITY; -- Name: account_preference_event_size account_preference_event_size_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_preference_event_size_delete ON maevsi.account_preference_event_size FOR DELETE USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); +CREATE POLICY account_preference_event_size_delete ON maevsi.account_preference_event_size FOR DELETE USING ((account_id = maevsi.account_id())); -- -- Name: account_preference_event_size account_preference_event_size_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_preference_event_size_insert ON maevsi.account_preference_event_size FOR INSERT WITH CHECK ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); +CREATE POLICY account_preference_event_size_insert ON maevsi.account_preference_event_size FOR INSERT WITH CHECK ((account_id = maevsi.account_id())); -- -- Name: account_preference_event_size account_preference_event_size_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_preference_event_size_select ON maevsi.account_preference_event_size FOR SELECT USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); +CREATE POLICY account_preference_event_size_select ON maevsi.account_preference_event_size FOR SELECT USING ((account_id = maevsi.account_id())); -- 
@@ -4003,21 +4025,21 @@ ALTER TABLE maevsi.account_social_network ENABLE ROW LEVEL SECURITY; -- Name: account_social_network account_social_network_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_social_network_delete ON maevsi.account_social_network FOR DELETE USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); +CREATE POLICY account_social_network_delete ON maevsi.account_social_network FOR DELETE USING ((account_id = maevsi.account_id())); -- -- Name: account_social_network account_social_network_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_social_network_insert ON maevsi.account_social_network FOR INSERT WITH CHECK ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); +CREATE POLICY account_social_network_insert ON maevsi.account_social_network FOR INSERT WITH CHECK ((account_id = maevsi.account_id())); -- -- Name: account_social_network account_social_network_update; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_social_network_update ON maevsi.account_social_network FOR UPDATE USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); +CREATE POLICY account_social_network_update ON maevsi.account_social_network FOR UPDATE USING ((account_id = maevsi.account_id())); -- 
@@ -4043,28 +4065,28 @@ ALTER TABLE maevsi.contact ENABLE ROW LEVEL SECURITY; -- Name: contact contact_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY contact_delete ON maevsi.contact FOR DELETE USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid) AND (account_id IS DISTINCT FROM (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); +CREATE POLICY contact_delete ON maevsi.contact FOR DELETE USING (((maevsi.account_id() IS NOT NULL) AND (author_account_id = maevsi.account_id()) AND (account_id IS DISTINCT FROM maevsi.account_id()))); -- -- Name: contact contact_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY contact_insert ON maevsi.contact FOR INSERT WITH CHECK ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); +CREATE POLICY contact_insert ON maevsi.contact FOR INSERT WITH CHECK (((maevsi.account_id() IS NOT NULL) AND (author_account_id = maevsi.account_id()))); -- -- Name: contact contact_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY contact_select ON maevsi.contact FOR SELECT USING (((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid) OR (author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))) OR (id IN ( SELECT maevsi.invitation_contact_ids() AS invitation_contact_ids)))); +CREATE POLICY contact_select ON maevsi.contact FOR SELECT USING ((((maevsi.account_id() IS NOT NULL) AND ((account_id = maevsi.account_id()) OR (author_account_id = maevsi.account_id()))) OR (id IN ( SELECT 
maevsi.invitation_contact_ids() AS invitation_contact_ids)))); -- -- Name: contact contact_update; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY contact_update ON maevsi.contact FOR UPDATE USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); +CREATE POLICY contact_update ON maevsi.contact FOR UPDATE USING (((maevsi.account_id() IS NOT NULL) AND (author_account_id = maevsi.account_id()))); -- 
@@ -4089,21 +4111,21 @@ ALTER TABLE maevsi.event_grouping ENABLE ROW LEVEL SECURITY; -- Name: event event_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_insert ON maevsi.event FOR INSERT WITH CHECK ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); +CREATE POLICY event_insert ON maevsi.event FOR INSERT WITH CHECK (((maevsi.account_id() IS NOT NULL) AND (author_account_id = maevsi.account_id()))); -- -- Name: event event_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_select ON maevsi.event FOR SELECT USING ((((visibility = 'public'::maevsi.event_visibility) AND ((invitee_count_maximum IS NULL) OR (invitee_count_maximum > maevsi.invitee_count(id)))) OR (((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)) OR (id IN ( SELECT maevsi_private.events_invited() AS events_invited)))); +CREATE POLICY event_select ON maevsi.event FOR SELECT USING ((((visibility = 'public'::maevsi.event_visibility) AND ((invitee_count_maximum IS NULL) OR (invitee_count_maximum > maevsi.invitee_count(id)))) OR ((maevsi.account_id() IS NOT NULL) AND (author_account_id = maevsi.account_id())) OR (id IN ( SELECT maevsi_private.events_invited() AS events_invited)))); -- -- Name: event event_update; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_update ON maevsi.event FOR UPDATE USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); +CREATE POLICY event_update ON maevsi.event FOR UPDATE USING (((maevsi.account_id() IS NOT NULL) AND (author_account_id = 
maevsi.account_id()))); -- @@ -4118,7 +4140,7 @@ ALTER TABLE maevsi.event_upload ENABLE ROW LEVEL SECURITY; CREATE POLICY event_upload_delete ON maevsi.event_upload FOR DELETE USING ((event_id IN ( SELECT event.id FROM maevsi.event - WHERE (event.author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)))); + WHERE (event.author_account_id = maevsi.account_id())))); -- @@ -4127,9 +4149,9 @@ CREATE POLICY event_upload_delete ON maevsi.event_upload FOR DELETE USING ((even CREATE POLICY event_upload_insert ON maevsi.event_upload FOR INSERT WITH CHECK (((event_id IN ( SELECT event.id FROM maevsi.event - WHERE (event.author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))) AND (upload_id IN ( SELECT upload.id + WHERE (event.author_account_id = maevsi.account_id()))) AND (upload_id IN ( SELECT upload.id FROM maevsi.upload - WHERE (upload.account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))))); + WHERE (upload.account_id = maevsi.account_id()))))); -- 
@@ -4157,27 +4179,27 @@ CREATE POLICY invitation_delete ON maevsi.invitation FOR DELETE USING ((event_id -- Name: invitation invitation_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY invitation_insert ON maevsi.invitation FOR INSERT WITH CHECK (((event_id IN ( SELECT maevsi.events_organized() AS events_organized)) AND ((maevsi.event_invitee_count_maximum(event_id) IS NULL) OR (maevsi.event_invitee_count_maximum(event_id) > maevsi.invitee_count(event_id))) AND (((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (contact_id IN ( SELECT contact.id +CREATE POLICY invitation_insert ON maevsi.invitation FOR INSERT WITH CHECK (((event_id IN ( SELECT maevsi.events_organized() AS events_organized)) AND ((maevsi.event_invitee_count_maximum(event_id) IS NULL) OR (maevsi.event_invitee_count_maximum(event_id) > maevsi.invitee_count(event_id))) AND ((maevsi.account_id() IS NOT NULL) AND (contact_id IN ( SELECT contact.id FROM maevsi.contact - WHERE (contact.author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)))))); + WHERE (contact.author_account_id = maevsi.account_id())))))); -- -- Name: invitation invitation_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY invitation_select ON maevsi.invitation FOR SELECT USING (((id = ANY (maevsi.invitation_claim_array())) OR (((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (contact_id IN ( SELECT contact.id +CREATE POLICY invitation_select ON maevsi.invitation FOR SELECT USING (((id = ANY (maevsi.invitation_claim_array())) OR ((maevsi.account_id() IS NOT NULL) AND (contact_id IN ( SELECT contact.id FROM maevsi.contact - WHERE (contact.account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)))) OR (event_id IN ( SELECT maevsi.events_organized() AS events_organized)))); + WHERE (contact.account_id = 
maevsi.account_id())))) OR (event_id IN ( SELECT maevsi.events_organized() AS events_organized)))); -- -- Name: invitation invitation_update; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY invitation_update ON maevsi.invitation FOR UPDATE USING (((id = ANY (maevsi.invitation_claim_array())) OR (((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (contact_id IN ( SELECT contact.id +CREATE POLICY invitation_update ON maevsi.invitation FOR UPDATE USING (((id = ANY (maevsi.invitation_claim_array())) OR ((maevsi.account_id() IS NOT NULL) AND (contact_id IN ( SELECT contact.id FROM maevsi.contact - WHERE (contact.account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)))) OR (event_id IN ( SELECT maevsi.events_organized() AS events_organized)))); + WHERE (contact.account_id = maevsi.account_id())))) OR (event_id IN ( SELECT maevsi.events_organized() AS events_organized)))); -- 
@@ -4196,14 +4218,14 @@ ALTER TABLE maevsi.legal_term_acceptance ENABLE ROW LEVEL SECURITY; -- Name: legal_term_acceptance legal_term_acceptance_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY legal_term_acceptance_insert ON maevsi.legal_term_acceptance FOR INSERT WITH CHECK ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); +CREATE POLICY legal_term_acceptance_insert ON maevsi.legal_term_acceptance FOR INSERT WITH CHECK (((maevsi.account_id() IS NOT NULL) AND (account_id = maevsi.account_id()))); -- -- Name: legal_term_acceptance legal_term_acceptance_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY legal_term_acceptance_select ON maevsi.legal_term_acceptance FOR SELECT USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); +CREATE POLICY legal_term_acceptance_select ON maevsi.legal_term_acceptance FOR SELECT USING (((maevsi.account_id() IS NOT NULL) AND (account_id = maevsi.account_id()))); -- 
@@ -4223,14 +4245,14 @@ ALTER TABLE maevsi.profile_picture ENABLE ROW LEVEL SECURITY; -- Name: profile_picture profile_picture_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY profile_picture_delete ON maevsi.profile_picture FOR DELETE USING (((( SELECT CURRENT_USER AS "current_user") = 'maevsi_tusd'::name) OR (((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)))); +CREATE POLICY profile_picture_delete ON maevsi.profile_picture FOR DELETE USING (((( SELECT CURRENT_USER AS "current_user") = 'maevsi_tusd'::name) OR ((maevsi.account_id() IS NOT NULL) AND (account_id = maevsi.account_id())))); -- -- Name: profile_picture profile_picture_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY profile_picture_insert ON maevsi.profile_picture FOR INSERT WITH CHECK ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); +CREATE POLICY profile_picture_insert ON maevsi.profile_picture FOR INSERT WITH CHECK (((maevsi.account_id() IS NOT NULL) AND (account_id = maevsi.account_id()))); -- @@ -4244,7 +4266,7 @@ CREATE POLICY profile_picture_select ON maevsi.profile_picture FOR SELECT USING -- Name: profile_picture profile_picture_update; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY profile_picture_update ON maevsi.profile_picture FOR UPDATE USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); +CREATE POLICY profile_picture_update ON maevsi.profile_picture FOR UPDATE USING (((maevsi.account_id() IS NOT NULL) AND (account_id = maevsi.account_id()))); -- 
@@ -4257,14 +4279,14 @@ ALTER TABLE maevsi.report ENABLE ROW LEVEL SECURITY; -- Name: report report_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY report_insert ON maevsi.report FOR INSERT WITH CHECK ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); +CREATE POLICY report_insert ON maevsi.report FOR INSERT WITH CHECK (((maevsi.account_id() IS NOT NULL) AND (author_account_id = maevsi.account_id()))); -- -- Name: report report_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY report_select ON maevsi.report FOR SELECT USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); +CREATE POLICY report_select ON maevsi.report FOR SELECT USING (((maevsi.account_id() IS NOT NULL) AND (author_account_id = maevsi.account_id()))); -- @@ -4284,7 +4306,7 @@ CREATE POLICY upload_delete_using ON maevsi.upload FOR DELETE USING ((( SELECT C -- Name: upload upload_select_using; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY upload_select_using ON maevsi.upload FOR SELECT USING (((( SELECT CURRENT_USER AS "current_user") = 'maevsi_tusd'::name) OR (((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)) OR (id IN ( SELECT profile_picture.upload_id +CREATE POLICY upload_select_using ON maevsi.upload FOR SELECT USING (((( SELECT CURRENT_USER AS "current_user") = 'maevsi_tusd'::name) OR ((maevsi.account_id() IS NOT NULL) AND (account_id = maevsi.account_id())) OR (id IN ( SELECT profile_picture.upload_id FROM maevsi.profile_picture)))); 
@@ -4334,6 +4356,15 @@ GRANT ALL ON FUNCTION maevsi.account_email_address_verification(code uuid) TO ma GRANT ALL ON FUNCTION maevsi.account_email_address_verification(code uuid) TO maevsi_anonymous; +-- +-- Name: FUNCTION account_id(); Type: ACL; Schema: maevsi; Owner: postgres +-- + +REVOKE ALL ON FUNCTION maevsi.account_id() FROM PUBLIC; +GRANT ALL ON FUNCTION maevsi.account_id() TO maevsi_account; +GRANT ALL ON FUNCTION maevsi.account_id() TO maevsi_anonymous; + + -- -- Name: FUNCTION account_password_change(password_current text, password_new text); Type: ACL; Schema: maevsi; Owner: postgres -- diff --git a/src/deploy/function_account_id.sql b/src/deploy/function_account_id.sql new file mode 100644 index 00000000..c60fe2ab --- /dev/null +++ b/src/deploy/function_account_id.sql @@ -0,0 +1,13 @@ +BEGIN; + +CREATE FUNCTION maevsi.account_id() RETURNS UUID AS $$ +BEGIN + RETURN NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID; +END; +$$ LANGUAGE PLPGSQL STRICT SECURITY DEFINER STABLE; + +COMMENT ON FUNCTION maevsi.account_id() IS 'Returns the session''s account id.'; + +GRANT EXECUTE ON FUNCTION maevsi.account_id() TO maevsi_account, maevsi_anonymous; + +COMMIT; diff --git a/src/deploy/function_achievement_unlock.sql b/src/deploy/function_achievement_unlock.sql index 200ca6f8..5b6a4f0a 100644 --- a/src/deploy/function_achievement_unlock.sql +++ b/src/deploy/function_achievement_unlock.sql @@ -9,7 +9,7 @@ DECLARE _achievement maevsi.achievement_type; _achievement_id UUID; BEGIN - _account_id := NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID; + _account_id := maevsi.account_id(); SELECT achievement FROM maevsi_private.achievement_code diff --git a/src/deploy/function_event_invitee_count_maximum.sql b/src/deploy/function_event_invitee_count_maximum.sql index 571dbd5f..f8a0ada8 100644 --- a/src/deploy/function_event_invitee_count_maximum.sql +++ b/src/deploy/function_event_invitee_count_maximum.sql 
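Review bot: `maevsi.account_id()` in src/deploy/function_account_id.sql is created `SECURITY DEFINER`, although its body only reads a session setting through `current_setting`, which needs no elevated privilege. A definer function without a pinned `search_path` also goes against PostgreSQL's guidance for such functions. Every row-level security policy touched by this commit now routes through this helper, so I would declare it `$$ LANGUAGE PLPGSQL STABLE SECURITY INVOKER;`, or keep definer mode and add `SET search_path = pg_catalog, pg_temp`. `STRICT` has no effect on a function without arguments and can be dropped. The `COMMENT ON FUNCTION` text could also say that the result is NULL when `jwt.claims.account_id` is missing or empty, since the policies depend on that.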
@@ -20,9 +20,9 @@ BEGIN ) ) OR ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - "event".author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + "event".author_account_id = maevsi.account_id() ) OR "event".id IN (SELECT maevsi_private.events_invited()) ) diff --git a/src/deploy/function_event_unlock.sql b/src/deploy/function_event_unlock.sql index 04eb94a4..e432391d 100644 --- a/src/deploy/function_event_unlock.sql +++ b/src/deploy/function_event_unlock.sql @@ -13,7 +13,7 @@ BEGIN _jwt_id := current_setting('jwt.claims.id', true)::UUID; _jwt := ( _jwt_id, - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID, -- prevent empty string cast to UUID + maevsi.account_id(), -- prevent empty string cast to UUID current_setting('jwt.claims.account_username', true)::TEXT, current_setting('jwt.claims.exp', true)::BIGINT, (SELECT ARRAY(SELECT DISTINCT UNNEST(maevsi.invitation_claim_array() || $1) ORDER BY 1)), diff --git a/src/deploy/function_events_invited.sql b/src/deploy/function_events_invited.sql index 9aec3a54..ff05206e 100644 --- a/src/deploy/function_events_invited.sql +++ b/src/deploy/function_events_invited.sql @@ -5,7 +5,7 @@ RETURNS TABLE (event_id UUID) AS $$ DECLARE jwt_account_id UUID; BEGIN - jwt_account_id := NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID; + jwt_account_id := maevsi.account_id(); RETURN QUERY SELECT invitation.event_id FROM maevsi.invitation diff --git a/src/deploy/function_events_organized.sql b/src/deploy/function_events_organized.sql index 41f956c0..638be1ef 100644 --- a/src/deploy/function_events_organized.sql +++ b/src/deploy/function_events_organized.sql @@ -5,7 +5,7 @@ RETURNS TABLE (event_id UUID) AS $$ DECLARE account_id UUID; BEGIN - account_id := NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID; + account_id := maevsi.account_id(); RETURN QUERY SELECT id FROM maevsi.event 
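Review bot: In src/deploy/function_event_unlock.sql the trailing comment on `maevsi.account_id(), -- prevent empty string cast to UUID` no longer describes the line, because the `NULLIF` it referred to now lives inside the helper. I would reword it to `maevsi.account_id(), -- NULL when the claim is missing or empty`. The context line `_jwt_id := current_setting('jwt.claims.id', true)::UUID;` has no such guard, so an empty claim would presumably raise on the cast there; worth confirming that is intended. The function body starts and ends outside the hunk.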
diff --git a/src/deploy/table_account_preference_event_size_policy.sql b/src/deploy/table_account_preference_event_size_policy.sql index 937424b9..d3b71411 100644 --- a/src/deploy/table_account_preference_event_size_policy.sql +++ b/src/deploy/table_account_preference_event_size_policy.sql @@ -6,17 +6,17 @@ ALTER TABLE maevsi.account_preference_event_size ENABLE ROW LEVEL SECURITY; -- Only allow selects by the current account. CREATE POLICY account_preference_event_size_select ON maevsi.account_preference_event_size FOR SELECT USING ( - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() ); -- Only allow inserts by the current account. CREATE POLICY account_preference_event_size_insert ON maevsi.account_preference_event_size FOR INSERT WITH CHECK ( - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() ); -- Only allow deletes by the current account. CREATE POLICY account_preference_event_size_delete ON maevsi.account_preference_event_size FOR DELETE USING ( - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() ); COMMIT; diff --git a/src/deploy/table_account_social_network_policy.sql b/src/deploy/table_account_social_network_policy.sql index bd576bce..d25859ed 100644 --- a/src/deploy/table_account_social_network_policy.sql +++ b/src/deploy/table_account_social_network_policy.sql 
@@ -7,17 +7,17 @@ ALTER TABLE maevsi.account_social_network ENABLE ROW LEVEL SECURITY; -- Only allow inserting social links of the current account. CREATE POLICY account_social_network_insert ON maevsi.account_social_network FOR INSERT WITH CHECK ( - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() ); -- Only allow updating social links of the current account. CREATE POLICY account_social_network_update ON maevsi.account_social_network FOR UPDATE USING ( - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() ); -- Only allow deleting social links of the current account.. CREATE POLICY account_social_network_delete ON maevsi.account_social_network FOR DELETE USING ( - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() ); COMMIT; diff --git a/src/deploy/table_contact.sql b/src/deploy/table_contact.sql index ea294320..83fea948 100644 --- a/src/deploy/table_contact.sql +++ b/src/deploy/table_contact.sql @@ -42,15 +42,15 @@ CREATE FUNCTION maevsi.trigger_contact_update_account_id() RETURNS TRIGGER AS $$ BEGIN IF ( -- invoked without account it - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NULL + maevsi.account_id() IS NULL OR -- invoked with account it -- and ( -- updating own account's contact - OLD.account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + OLD.account_id = maevsi.account_id() AND - OLD.author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + OLD.author_account_id = maevsi.account_id() AND ( -- trying to detach from account diff --git a/src/deploy/table_contact_policy.sql b/src/deploy/table_contact_policy.sql index a8ab9a6d..be83c571 100644 --- a/src/deploy/table_contact_policy.sql +++ b/src/deploy/table_contact_policy.sql 
@@ -10,11 +10,11 @@ ALTER TABLE maevsi.contact ENABLE ROW LEVEL SECURITY; -- Only display contacts for which an accessible invitation exists. CREATE POLICY contact_select ON maevsi.contact FOR SELECT USING ( ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND ( - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() OR - author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + author_account_id = maevsi.account_id() ) ) OR 
@@ -23,25 +23,25 @@ CREATE POLICY contact_select ON maevsi.contact FOR SELECT USING ( -- Only allow inserts for contacts authored by the invoker's account. CREATE POLICY contact_insert ON maevsi.contact FOR INSERT WITH CHECK ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + author_account_id = maevsi.account_id() ); -- Only allow updates for contacts authored by the invoker's account. CREATE POLICY contact_update ON maevsi.contact FOR UPDATE USING ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + author_account_id = maevsi.account_id() ); -- Only allow deletes for contacts authored by the invoker's account except for the own account's contact. CREATE POLICY contact_delete ON maevsi.contact FOR DELETE USING ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + author_account_id = maevsi.account_id() AND - account_id IS DISTINCT FROM NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id IS DISTINCT FROM maevsi.account_id() ); COMMIT; diff --git a/src/deploy/table_event_policy.sql b/src/deploy/table_event_policy.sql index 62f34254..b121f349 100644 --- a/src/deploy/table_event_policy.sql +++ b/src/deploy/table_event_policy.sql 
@@ -20,25 +20,25 @@ CREATE POLICY event_select ON maevsi.event FOR SELECT USING ( ) ) OR ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + author_account_id = maevsi.account_id() ) OR id IN (SELECT maevsi_private.events_invited()) ); -- Only allow inserts for events authored by the current user. CREATE POLICY event_insert ON maevsi.event FOR INSERT WITH CHECK ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + author_account_id = maevsi.account_id() ); -- Only allow updates for events authored by the current user. CREATE POLICY event_update ON maevsi.event FOR UPDATE USING ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + author_account_id = maevsi.account_id() ); COMMIT; diff --git a/src/deploy/table_event_upload_policy.sql b/src/deploy/table_event_upload_policy.sql index 9f68d2b6..cbbf3fbd 100644 --- a/src/deploy/table_event_upload_policy.sql +++ b/src/deploy/table_event_upload_policy.sql @@ -17,12 +17,12 @@ CREATE POLICY event_upload_select ON maevsi.event_upload FOR SELECT USING ( CREATE POLICY event_upload_insert ON maevsi.event_upload FOR INSERT WITH CHECK ( event_id IN ( SELECT id FROM maevsi.event - WHERE author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + WHERE author_account_id = maevsi.account_id() ) AND upload_id IN ( SELECT id FROM maevsi.upload - WHERE account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + WHERE account_id = maevsi.account_id() ) ); 
@@ -30,7 +30,7 @@ CREATE POLICY event_upload_insert ON maevsi.event_upload FOR INSERT WITH CHECK ( CREATE POLICY event_upload_delete ON maevsi.event_upload FOR DELETE USING ( event_id IN ( SELECT id FROM maevsi.event - WHERE author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + WHERE author_account_id = maevsi.account_id() ) ); diff --git a/src/deploy/table_invitation_policy.sql b/src/deploy/table_invitation_policy.sql index 6c36ebe7..ca2ed432 100644 --- a/src/deploy/table_invitation_policy.sql +++ b/src/deploy/table_invitation_policy.sql @@ -12,12 +12,12 @@ CREATE POLICY invitation_select ON maevsi.invitation FOR SELECT USING ( id = ANY (maevsi.invitation_claim_array()) OR ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND contact_id IN ( SELECT id FROM maevsi.contact - WHERE contact.account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + WHERE contact.account_id = maevsi.account_id() ) ) OR event_id IN (SELECT maevsi.events_organized()) @@ -35,12 +35,12 @@ CREATE POLICY invitation_insert ON maevsi.invitation FOR INSERT WITH CHECK ( ) AND ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND contact_id IN ( SELECT id FROM maevsi.contact - WHERE contact.author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + WHERE contact.author_account_id = maevsi.account_id() ) ) ); 
@@ -52,12 +52,12 @@ CREATE POLICY invitation_update ON maevsi.invitation FOR UPDATE USING ( id = ANY (maevsi.invitation_claim_array()) OR ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND contact_id IN ( SELECT id FROM maevsi.contact - WHERE contact.account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + WHERE contact.account_id = maevsi.account_id() ) ) OR event_id IN (SELECT maevsi.events_organized()) @@ -78,12 +78,12 @@ BEGIN OLD.id = ANY (maevsi.invitation_claim_array()) OR ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND OLD.contact_id IN ( SELECT id FROM maevsi.contact - WHERE contact.account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + WHERE contact.account_id = maevsi.account_id() ) ) ) @@ -98,7 +98,7 @@ BEGIN RAISE 'You''re only allowed to alter these rows: %!', whitelisted_cols USING ERRCODE = 'insufficient_privilege'; ELSE NEW.updated_at = CURRENT_TIMESTAMP; - NEW.updated_by = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID; + NEW.updated_by = maevsi.account_id(); RETURN NEW; END IF; END $$ LANGUAGE PLPGSQL STRICT VOLATILE SECURITY INVOKER; diff --git a/src/deploy/table_legal_term_acceptance.sql b/src/deploy/table_legal_term_acceptance.sql index 5002457b..caeaf15a 100644 --- a/src/deploy/table_legal_term_acceptance.sql +++ b/src/deploy/table_legal_term_acceptance.sql 
@@ -20,15 +20,15 @@ ALTER TABLE maevsi.legal_term_acceptance ENABLE ROW LEVEL SECURITY; -- Allow to select legal term acceptances for the own account. CREATE POLICY legal_term_acceptance_select ON maevsi.legal_term_acceptance FOR SELECT USING ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() ); CREATE POLICY legal_term_acceptance_insert ON maevsi.legal_term_acceptance FOR INSERT WITH CHECK ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() ); COMMIT; diff --git a/src/deploy/table_profile_picture.sql b/src/deploy/table_profile_picture.sql index 4f90795f..5ec93ce5 100644 --- a/src/deploy/table_profile_picture.sql +++ b/src/deploy/table_profile_picture.sql 
@@ -24,16 +24,16 @@ CREATE POLICY profile_picture_select ON maevsi.profile_picture FOR SELECT USING -- Only allow inserts with a account id that matches the invoker's account id. CREATE POLICY profile_picture_insert ON maevsi.profile_picture FOR INSERT WITH CHECK ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() ); -- Only allow updates to the item with the account id that matches the invoker's account id. CREATE POLICY profile_picture_update ON maevsi.profile_picture FOR UPDATE USING ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() ); -- Only allow deletes for the item with the account id that matches the invoker's account id. @@ -41,9 +41,9 @@ CREATE POLICY profile_picture_delete ON maevsi.profile_picture FOR DELETE USING (SELECT current_user) = 'maevsi_tusd' OR ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() ) ); diff --git a/src/deploy/table_report_policy.sql b/src/deploy/table_report_policy.sql index 08a6485d..17965569 100644 --- a/src/deploy/table_report_policy.sql +++ b/src/deploy/table_report_policy.sql 
@@ -6,16 +6,16 @@ ALTER TABLE maevsi.report ENABLE ROW LEVEL SECURITY; -- Only allow inserts for reports authored by the current user. CREATE POLICY report_insert ON maevsi.report FOR INSERT WITH CHECK ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + author_account_id = maevsi.account_id() ); -- Only allow selects for reports authored by the current user. CREATE POLICY report_select ON maevsi.report FOR SELECT USING ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + author_account_id = maevsi.account_id() ); COMMIT; diff --git a/src/deploy/table_upload_policy.sql b/src/deploy/table_upload_policy.sql index fe43dc58..3cc1c8bb 100644 --- a/src/deploy/table_upload_policy.sql +++ b/src/deploy/table_upload_policy.sql @@ -14,9 +14,9 @@ CREATE POLICY upload_select_using ON maevsi.upload FOR SELECT USING ( (SELECT current_user) = 'maevsi_tusd' OR ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() ) OR id IN (SELECT upload_id FROM maevsi.profile_picture) diff --git a/src/revert/function_account_id.sql b/src/revert/function_account_id.sql new file mode 100644 index 00000000..4e828977 --- /dev/null +++ b/src/revert/function_account_id.sql @@ -0,0 +1,5 @@ +BEGIN; + +DROP FUNCTION maevsi.account_id; + +COMMIT; diff --git a/src/sqitch.plan b/src/sqitch.plan index 84a70642..a608a042 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan 
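Review bot: The `upload_select_using` policy in src/deploy/table_upload_policy.sql, like `profile_picture_delete` in table_profile_picture.sql, admits the `maevsi_tusd` role but now calls `maevsi.account_id()`. This commit revokes EXECUTE on that function from PUBLIC and grants it only to `maevsi_account` and `maevsi_anonymous`. Policy expressions are evaluated with the privileges of the querying role, so unless `maevsi_tusd` obtains EXECUTE in a way not visible here, its statements on these tables would likely fail with a permission error rather than match the first branch; the replaced `current_setting` expression had no such requirement. I would extend the grant to `GRANT EXECUTE ON FUNCTION maevsi.account_id() TO maevsi_account, maevsi_anonymous, maevsi_tusd;` and add `role_tusd` to the `function_account_id` dependencies in sqitch.plan. The policy statement continues past the end of the hunk.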
@@ -10,6 +10,7 @@ role_tusd [role_postgraphile] 1970-01-01T00:00:00Z Jonas Thelemann # Add public schema. schema_private 1970-01-01T00:00:00Z Jonas Thelemann # Add private schema. extension_pgcrypto [schema_public] 1970-01-01T00:00:00Z Jonas Thelemann # Add extension pgcrypto. +function_account_id [privilege_execute_revoke schema_public role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Returns the session's account id. enum_invitation_feedback [schema_public] 1970-01-01T00:00:00Z Jonas Thelemann # Possible answers to an invitation: accepted, canceled. enum_event_visibility [schema_public] 1970-01-01T00:00:00Z Jonas Thelemann # Possible visibilities of events and event groups: public, private. table_notification [schema_private] 1970-01-01T00:00:00Z Jonas Thelemann # Notifications that are sent via pg_notify. 
@@ -18,22 +19,22 @@ table_account_public [schema_public schema_private table_account_private] 1970-0 table_event_group [schema_public role_account role_anonymous table_account_public enum_event_visibility] 1970-01-01T00:00:00Z Jonas Thelemann # Add table event_group. index_event_group_author_username [table_event_group] 1970-01-01T00:00:00Z Jonas Thelemann # Add an index to the event group table's author_username field. table_event [schema_public role_account role_anonymous table_account_public] 1970-01-01T00:00:00Z Jonas Thelemann # Add table event. -function_events_organized [privilege_execute_revoke schema_public table_event role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns all event ids for which the invoker is the author. +function_events_organized [privilege_execute_revoke schema_public function_account_id table_event role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns all event ids for which the invoker is the author. function_invitation_claim_array [privilege_execute_revoke schema_public role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns the current invitation claims as UUID array. index_event_author_username [table_event] 1970-01-01T00:00:00Z Jonas Thelemann # Add an index to the event table's username field. enum_invitation_feedback_paper 1970-01-01T00:00:00Z Jonas Thelemann # Possible choices on how to receive a paper invitation: paper, digital. enum_language [schema_public] 1970-01-01T00:00:00Z Jonas Thelemann # Supported ISO 639 language codes. -table_contact [schema_public enum_language role_account role_anonymous table_account_public] 1970-01-01T00:00:00Z Jonas Thelemann # Add table contact. +table_contact [schema_public table_account_public enum_language role_account function_account_id] 1970-01-01T00:00:00Z Jonas Thelemann # Add table contact. 
table_invitation [schema_public table_event table_contact] 1970-01-01T00:00:00Z Jonas Thelemann # Add table invitation. -function_events_invited [privilege_execute_revoke schema_private schema_public table_invitation table_contact role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns all event ids for which the invoker is invited. +function_events_invited [privilege_execute_revoke schema_private schema_public function_account_id table_invitation table_contact role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns all event ids for which the invoker is invited. function_invitation_contact_ids [privilege_execute_revoke schema_public table_invitation function_invitation_claim_array function_events_organized role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns all event ids for which the invoker is invited. -table_contact_policy [schema_public table_contact role_account role_anonymous function_invitation_contact_ids] 1970-01-01T00:00:00Z Jonas Thelemann # Add policy for table contact. +table_contact_policy [schema_public table_contact role_account role_anonymous function_account_id function_invitation_contact_ids] 1970-01-01T00:00:00Z Jonas Thelemann # Add policy for table contact. function_invitee_count [privilege_execute_revoke schema_public table_invitation role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns the invitee count for an event. -table_event_policy [schema_public table_event role_account role_anonymous schema_private function_events_invited] 1970-01-01T00:00:00Z Jonas Thelemann # Add policy for table event. +table_event_policy [schema_public table_event role_account role_anonymous function_invitee_count function_account_id schema_private function_events_invited] 1970-01-01T00:00:00Z Jonas Thelemann # Add policy for table event. 
index_invitation_event_id [table_invitation] 1970-01-01T00:00:00Z Jonas Thelemann # Add an index to the invitation table's event_id field. index_invitation_contact_id [table_invitation] 1970-01-01T00:00:00Z Jonas Thelemann # Add an index to the invitation table's contact_id field. -function_event_invitee_count_maximum [privilege_execute_revoke schema_public table_event function_invitee_count schema_private function_events_invited role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns the maximum invitee count of an accessible event. -table_invitation_policy [schema_public table_invitation role_account role_anonymous function_invitation_claim_array function_events_organized function_event_invitee_count_maximum] 1970-01-01T00:00:00Z Jonas Thelemann # Add policy for table contact. +function_event_invitee_count_maximum [privilege_execute_revoke schema_public table_event function_invitee_count function_account_id schema_private function_events_invited role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns the maximum invitee count of an accessible event. +table_invitation_policy [schema_public table_invitation role_account role_anonymous function_invitation_claim_array function_account_id function_events_organized function_event_invitee_count_maximum] 1970-01-01T00:00:00Z Jonas Thelemann # Add policy for table contact. table_event_grouping [schema_public role_account role_anonymous table_event table_event_group] 1970-01-01T00:00:00Z Jonas Thelemann # Add table event grouping. index_event_grouping_event_id [table_event_grouping] 1970-01-01T00:00:00Z Jonas Thelemann # Add an index to the event grouping table's event_id field. index_event_grouping_event_group_id [table_event_grouping] 1970-01-01T00:00:00Z Jonas Thelemann # Add an index to the event grouping table's event_group_id field. 
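Review bot: The rewritten `table_contact` entry drops `role_anonymous` from its requirements while adding `function_account_id`, and nothing visible in this patch explains the removal. If src/deploy/table_contact.sql still references maevsi_anonymous (the script is outside this view), the plan no longer guarantees that the role exists when the change deploys. I would either restore it, `table_contact [schema_public table_account_public enum_language role_account role_anonymous function_account_id]`, or state the reason in the commit message. `table_event_policy` gaining `function_invitee_count` in the same hunk deserves the same one-line explanation.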
@@ -43,12 +44,12 @@ table_jwt [schema_private] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function to authenticate accounts. function_account_password_change [privilege_execute_revoke schema_public schema_private role_account table_account_private extension_pgcrypto] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that allows to change an account's password. type_event_unlock_response [schema_public type_jwt] 1970-01-01T00:00:00Z Jonas Thelemann # Add a type that is returned by invitation id redemption. -function_event_unlock [privilege_execute_revoke schema_public table_invitation table_event type_event_unlock_response function_invitation_claim_array type_jwt table_jwt] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that assigns an invitation to the current session +function_event_unlock [privilege_execute_revoke schema_public function_account_id table_event table_invitation function_invitation_claim_array type_jwt table_jwt type_event_unlock_response] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that assigns an invitation to the current session function_jwt_refresh [privilege_execute_revoke schema_public type_jwt table_jwt] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that refreshes tokens. table_upload [schema_public table_account_public] 1970-01-01T00:00:00Z Jonas Thelemann # An upload. function_upload_create [privilege_execute_revoke schema_public schema_private role_account table_upload table_account_private] 1970-01-01T00:00:00Z Jonas Thelemann # Creates an upload with the given size if quota is available. -table_profile_picture [schema_public table_account_public table_upload role_account role_anonymous role_tusd] 1970-01-01T00:00:00Z Jonas Thelemann # Mapping of usernames to upload storage keys. -table_upload_policy [schema_public table_upload role_account role_anonymous role_tusd] 1970-01-01T00:00:00Z Jonas Thelemann # Policies for uploads. 
+table_profile_picture [schema_public table_account_public table_upload role_account role_anonymous role_tusd function_account_id] 1970-01-01T00:00:00Z Jonas Thelemann # Mapping of usernames to upload storage keys. +table_upload_policy [schema_public table_upload role_account role_anonymous role_tusd function_account_id] 1970-01-01T00:00:00Z Jonas Thelemann # Policies for uploads. function_profile_picture_set [privilege_execute_revoke schema_public role_account table_profile_picture] 1970-01-01T00:00:00Z Jonas Thelemann # Sets the picture with the given storage key as the invoker's profile picture. function_event_delete [privilege_execute_revoke schema_public role_account table_account_private table_event extension_pgcrypto] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that allows to delete an event. function_account_delete [privilege_execute_revoke schema_public role_account table_account_private table_event extension_pgcrypto] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that allows to delete an account. 
@@ -65,17 +66,17 @@ role_grafana [database_grafana] 1970-01-01T00:00:00Z Jonas Thelemann # Achievement enumeration. table_achievement_code [schema_private schema_public enum_achievement_type] 1970-01-01T00:00:00Z Jonas Thelemann # Codes that unlock achievements. table_achievement [schema_public table_account_public enum_achievement_type role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Achievement unlocks by user. -function_achievement_unlock [privilege_execute_revoke schema_public enum_achievement_type schema_private table_achievement_code table_achievement role_account] 1970-01-01T00:00:00Z Jonas Thelemann # Unlock achievements. +function_achievement_unlock [privilege_execute_revoke schema_public enum_achievement_type function_account_id schema_private table_achievement_code table_achievement role_account] 1970-01-01T00:00:00Z Jonas Thelemann # Unlock achievements. table_report [schema_public table_account_public table_event table_upload] 1970-01-01T00:00:00Z Marlon # Stores reports made by users on other users, events, or uploads for moderation purposes. -table_report_policy [schema_public table_report role_account] 1970-01-01T00:00:00Z Marlon # Access policies for reports. +table_report_policy [schema_public table_report role_account function_account_id] 1970-01-01T00:00:00Z Marlon # Access policies for reports. table_legal_term [schema_public role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Legal terms like privacy policies or terms of service. -table_legal_term_acceptance [schema_public table_account_public table_legal_term role_account] 1970-01-01T00:00:00Z Jonas Thelemann # Tracks each user account's acceptance of legal terms and conditions. +table_legal_term_acceptance [schema_public table_account_public table_legal_term role_account function_account_id] 1970-01-01T00:00:00Z Jonas Thelemann # Tracks each user account's acceptance of legal terms and conditions. 
enum_social_network [schema_public] 1970-01-01T00:00:00Z sven # Social networks. table_account_social_network [schema_public table_account_public enum_social_network] 1970-01-01T00:00:00Z sven # Links accounts to their social media profiles. -table_account_social_network_policy [schema_public table_account_social_network role_account] 1970-01-01T00:00:00Z sven # Row level security policies for table account_social_network. +table_account_social_network_policy [schema_public table_account_social_network function_account_id role_account] 1970-01-01T00:00:00Z sven # Row level security policies for table account_social_network. enum_event_size [schema_public] 1970-01-01T00:00:00Z Sven Thelemann # Possible event sizes: small, medium, large, huge. table_account_preference_event_size [schema_public table_account_public enum_event_size] 1970-01-01T00:00:00Z Sven Thelemann # Table for the user accounts' preferred event sizes (M:N relationship). -table_account_preference_event_size_policy [schema_public table_account_preference_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. +table_account_preference_event_size_policy [schema_public table_account_preference_event_size function_account_id role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. table_event_upload [schema_public table_event table_upload] 1970-01-01T00:00:00Z Sven Thelemann # Add table event_upload. -table_event_upload_policy [schema_public table_event_upload table_event table_upload role_account role_anonymous] 1970-01-01T00:00:00Z Sven Thelemann # Grants and policies for table event_upload. +table_event_upload_policy [schema_public table_event_upload role_account role_anonymous table_event table_upload] 1970-01-01T00:00:00Z Sven Thelemann # Grants and policies for table event_upload. 
view_invitation_flat [schema_public table_invitation table_contact table_event role_account role_anonymous] 1970-01-01T00:00:00Z Sven Thelemann # View returning flattened invitations. diff --git a/src/verify/function_account_id.sql b/src/verify/function_account_id.sql new file mode 100644 index 00000000..b5f28cc8 --- /dev/null +++ b/src/verify/function_account_id.sql @@ -0,0 +1,9 @@ +BEGIN; + +DO $$ +BEGIN + ASSERT (SELECT pg_catalog.has_function_privilege('maevsi_account', 'maevsi.account_id()', 'EXECUTE')); + ASSERT (SELECT pg_catalog.has_function_privilege('maevsi_anonymous', 'maevsi.account_id()', 'EXECUTE')); +END $$; + +ROLLBACK; From 38fda04ca5266476deff8597cb6761ca9f18fd20 Mon Sep 17 00:00:00 2001 
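Review bot: Both checks in src/verify/function_account_id.sql use PL/pgSQL `ASSERT`, which is skipped when `plpgsql.check_asserts` is off, so on a server with that setting the verify script passes without testing anything. A form that does not depend on configuration is `IF NOT pg_catalog.has_function_privilege('maevsi_account', 'maevsi.account_id()', 'EXECUTE') THEN RAISE EXCEPTION 'maevsi_account lacks EXECUTE on maevsi.account_id()'; END IF;`, repeated for maevsi_anonymous. The script also never calls the function, so it confirms the grants but not that a session without the claim gets NULL back.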
From: Jonas Thelemann Date: Thu, 12 Dec 2024 13:59:29 +0100 Subject: [PATCH 088/105] chore(recommendation): work in feedback --- schema/schema.definition.sql | 104 ++++++++++++++++-- src/deploy/table_account_interest.sql | 5 - src/deploy/table_account_interest_policy.sql | 11 +- src/deploy/table_event_category.sql | 3 - src/deploy/table_event_category_mapping.sql | 5 - .../table_event_category_mapping_policy.sql | 21 ++-- src/deploy/table_event_category_policy.sql | 6 - src/deploy/table_event_recommendation.sql | 5 - .../table_event_recommendation_policy.sql | 9 +- src/revert/table_account_interest.sql | 2 - src/revert/table_account_interest_policy.sql | 2 - src/revert/table_event_category.sql | 12 +- src/revert/table_event_category_mapping.sql | 2 - .../table_event_category_mapping_policy.sql | 2 - src/revert/table_event_category_policy.sql | 2 - src/revert/table_event_recommendation.sql | 2 - .../table_event_recommendation_policy.sql | 2 - src/verify/privilege_execute_revoke.sql | 2 +- src/verify/table_account_interest.sql | 2 - src/verify/table_account_interest_policy.sql | 2 - src/verify/table_event_category.sql | 14 +-- src/verify/table_event_category_mapping.sql | 2 - .../table_event_category_mapping_policy.sql | 2 - src/verify/table_event_category_policy.sql | 2 - src/verify/table_event_recommendation.sql | 2 - .../table_event_recommendation_policy.sql | 2 - 26 files changed, 118 insertions(+), 107 deletions(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 40c8747f..5666f4de 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
@@ -2233,6 +2233,50 @@ COMMENT ON COLUMN maevsi.event_recommendation.score IS 'An event id.'; COMMENT ON COLUMN maevsi.event_recommendation.predicted_score IS 'The score of the recommendation.'; +-- +-- Name: event_upload; Type: TABLE; Schema: maevsi; Owner: postgres +-- + +CREATE TABLE maevsi.event_upload ( + id uuid DEFAULT gen_random_uuid() NOT NULL, + event_id uuid NOT NULL, + upload_id uuid NOT NULL +); + + +ALTER TABLE maevsi.event_upload OWNER TO postgres; + +-- +-- Name: TABLE event_upload; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON TABLE maevsi.event_upload IS 'An assignment of an uploaded content (e.g. an image) to an event.'; + + +-- +-- Name: COLUMN event_upload.id; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event_upload.id IS '@omit create,update +The event''s internal id for which the invitation is valid.'; + + +-- +-- Name: COLUMN event_upload.event_id; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event_upload.event_id IS '@omit update +The event''s internal id for which the invitation is valid.'; + + +-- +-- Name: COLUMN event_upload.upload_id; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event_upload.upload_id IS '@omit update +The internal id of the uploaded content.'; + + -- -- Name: invitation; Type: TABLE; Schema: maevsi; Owner: postgres -- 
@@ -3498,6 +3542,22 @@ ALTER TABLE ONLY maevsi.event_recommendation ADD CONSTRAINT event_recommendation_pkey PRIMARY KEY (account_id, event_id); +-- +-- Name: event_upload event_upload_event_id_upload_id_key; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_upload + ADD CONSTRAINT event_upload_event_id_upload_id_key UNIQUE (event_id, upload_id); + + +-- +-- Name: event_upload event_upload_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_upload + ADD CONSTRAINT event_upload_pkey PRIMARY KEY (id); + + -- -- Name: invitation invitation_event_id_contact_id_key; Type: CONSTRAINT; Schema: maevsi; Owner: postgres -- @@ -3975,6 +4035,22 @@ ALTER TABLE ONLY maevsi.event_recommendation ADD CONSTRAINT event_recommendation_event_id_fkey FOREIGN KEY (event_id) REFERENCES maevsi.event(id) ON DELETE CASCADE; +-- +-- Name: event_upload event_upload_event_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_upload + ADD CONSTRAINT event_upload_event_id_fkey FOREIGN KEY (event_id) REFERENCES maevsi.event(id); + + +-- +-- Name: event_upload event_upload_upload_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_upload + ADD CONSTRAINT event_upload_upload_id_fkey FOREIGN KEY (upload_id) REFERENCES maevsi.upload(id); + + -- -- Name: invitation invitation_contact_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres -- 
@@ -4135,21 +4211,21 @@ ALTER TABLE maevsi.account_interest ENABLE ROW LEVEL SECURITY; -- Name: account_interest account_interest_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_interest_delete ON maevsi.account_interest FOR DELETE USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); +CREATE POLICY account_interest_delete ON maevsi.account_interest FOR DELETE USING ((account_id = maevsi.account_id())); -- -- Name: account_interest account_interest_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_interest_insert ON maevsi.account_interest FOR INSERT WITH CHECK ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); +CREATE POLICY account_interest_insert ON maevsi.account_interest FOR INSERT WITH CHECK ((account_id = maevsi.account_id())); -- -- Name: account_interest account_interest_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_interest_select ON maevsi.account_interest FOR SELECT USING ((account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)); +CREATE POLICY account_interest_select ON maevsi.account_interest FOR SELECT USING ((account_id = maevsi.account_id())); -- 
@@ -4276,27 +4352,27 @@ ALTER TABLE maevsi.event_category_mapping ENABLE ROW LEVEL SECURITY; -- Name: event_category_mapping event_category_mapping_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_category_mapping_delete ON maevsi.event_category_mapping FOR DELETE USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (( SELECT event.author_account_id +CREATE POLICY event_category_mapping_delete ON maevsi.event_category_mapping FOR DELETE USING (((maevsi.account_id() IS NOT NULL) AND (( SELECT event.author_account_id FROM maevsi.event - WHERE (event.id = event_category_mapping.event_id)) = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); + WHERE (event.id = event_category_mapping.event_id)) = maevsi.account_id()))); -- -- Name: event_category_mapping event_category_mapping_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_category_mapping_insert ON maevsi.event_category_mapping FOR INSERT WITH CHECK ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (( SELECT event.author_account_id +CREATE POLICY event_category_mapping_insert ON maevsi.event_category_mapping FOR INSERT WITH CHECK (((maevsi.account_id() IS NOT NULL) AND (( SELECT event.author_account_id FROM maevsi.event - WHERE (event.id = event_category_mapping.event_id)) = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); + WHERE (event.id = event_category_mapping.event_id)) = maevsi.account_id()))); -- -- Name: event_category_mapping event_category_mapping_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR SELECT USING (((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (( SELECT event.author_account_id +CREATE POLICY event_category_mapping_select ON 
maevsi.event_category_mapping FOR SELECT USING ((((maevsi.account_id() IS NOT NULL) AND (( SELECT event.author_account_id FROM maevsi.event - WHERE (event.id = event_category_mapping.event_id)) = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)) OR (event_id IN ( SELECT maevsi_private.events_invited() AS events_invited)))); + WHERE (event.id = event_category_mapping.event_id)) = maevsi.account_id())) OR (event_id IN ( SELECT maevsi_private.events_invited() AS events_invited)))); -- @@ -4328,7 +4404,7 @@ ALTER TABLE maevsi.event_recommendation ENABLE ROW LEVEL SECURITY; -- Name: event_recommendation event_recommendation_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_recommendation_select ON maevsi.event_recommendation FOR SELECT USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid))); +CREATE POLICY event_recommendation_select ON maevsi.event_recommendation FOR SELECT USING (((maevsi.account_id() IS NOT NULL) AND (account_id = maevsi.account_id()))); -- @@ -5165,6 +5241,14 @@ GRANT SELECT ON TABLE maevsi.event_grouping TO maevsi_anonymous; GRANT SELECT,INSERT,DELETE ON TABLE maevsi.event_recommendation TO maevsi_account; +-- +-- Name: TABLE event_upload; Type: ACL; Schema: maevsi; Owner: postgres +-- + +GRANT SELECT,INSERT,DELETE ON TABLE maevsi.event_upload TO maevsi_account; +GRANT SELECT ON TABLE maevsi.event_upload TO maevsi_anonymous; + + -- -- Name: TABLE invitation; Type: ACL; Schema: maevsi; Owner: postgres -- diff --git a/src/deploy/table_account_interest.sql b/src/deploy/table_account_interest.sql index 1abcfc96..2eec0a52 100644 --- a/src/deploy/table_account_interest.sql +++ b/src/deploy/table_account_interest.sql 
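Review bot: The dump now grants `SELECT,INSERT,DELETE` on maevsi.event_upload to maevsi_account and `SELECT` to maevsi_anonymous, but no hunk in this file adds `ENABLE ROW LEVEL SECURITY` or a `CREATE POLICY` for that table, unlike event_recommendation and event_category_mapping beside it. If the dump is complete, those grants are not narrowed per row: any account could insert or delete any event-to-upload assignment, and anonymous sessions could read all of them. I would check src/deploy/table_event_upload_policy.sql (not part of this patch) and regenerate the dump. The fix belongs in the deploy script, since schema.definition.sql looks generated. The new foreign keys also carry no `ON DELETE` action, whereas event_recommendation uses `ON DELETE CASCADE`.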
@@ -1,8 +1,3 @@ --- Deploy maevsi:table_account_interest to pg --- requires: schema_public --- requires: table_account_public --- requires: table_event_category - BEGIN; CREATE TABLE maevsi.account_interest ( diff --git a/src/deploy/table_account_interest_policy.sql b/src/deploy/table_account_interest_policy.sql index a57370bc..da216580 100644 --- a/src/deploy/table_account_interest_policy.sql +++ b/src/deploy/table_account_interest_policy.sql @@ -1,8 +1,3 @@ --- Deploy maevsi:table_account_interest_policy to pg --- requires: schema_public --- requires: table_account_interest --- requires: role_account - BEGIN; GRANT SELECT, INSERT, DELETE ON TABLE maevsi.account_interest TO maevsi_account; @@ -11,17 +6,17 @@ ALTER TABLE maevsi.account_interest ENABLE ROW LEVEL SECURITY; -- Only allow selects by the current account. CREATE POLICY account_interest_select ON maevsi.account_interest FOR SELECT USING ( - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() ); -- Only allow inserts by the current account. CREATE POLICY account_interest_insert ON maevsi.account_interest FOR INSERT WITH CHECK ( - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() ); -- Only allow deletes by the current account. CREATE POLICY account_interest_delete ON maevsi.account_interest FOR DELETE USING ( - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() ); COMMIT; diff --git a/src/deploy/table_event_category.sql b/src/deploy/table_event_category.sql index 11eef9df..c01cd9bf 100644 --- a/src/deploy/table_event_category.sql +++ b/src/deploy/table_event_category.sql @@ -1,6 +1,3 @@ --- Deploy maevsi:table_event_category to pg --- requires: schema_public - BEGIN; CREATE TABLE maevsi.event_category( 
diff --git a/src/deploy/table_event_category_mapping.sql b/src/deploy/table_event_category_mapping.sql index e2fa717d..9e1db6d7 100644 --- a/src/deploy/table_event_category_mapping.sql +++ b/src/deploy/table_event_category_mapping.sql @@ -1,8 +1,3 @@ --- Deploy maevsi:table_event_category_mapping to pg --- requires: schema_public --- requires: table_event --- requires: table_event_category - BEGIN; CREATE TABLE maevsi.event_category_mapping ( diff --git a/src/deploy/table_event_category_mapping_policy.sql b/src/deploy/table_event_category_mapping_policy.sql index 46346358..aa1342b2 100644 --- a/src/deploy/table_event_category_mapping_policy.sql +++ b/src/deploy/table_event_category_mapping_policy.sql @@ -1,10 +1,3 @@ --- Deploy maevsi:table_event_category_mapping_policy to pg --- requires: schema_public --- requires: table_event_category_mapping --- requires: role_anonymous --- requires: role_account --- requires: table_event - BEGIN; GRANT SELECT ON TABLE maevsi.event_category_mapping TO maevsi_anonymous; @@ -16,9 +9,9 @@ ALTER TABLE maevsi.event_category_mapping ENABLE ROW LEVEL SECURITY; -- Exclude events created by a blocked user and invitated events where the invation comes form a blocked user. CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR SELECT USING ( ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND ( - (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = maevsi.account_id() ) ) OR 
@@ -30,23 +23,23 @@ CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR AND event_id NOT IN ( SELECT e.event_id FROM maevsi.event e JOIN maevsi.account_block b ON e.account_id = b.blocked_account_id - WHERE b.account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + WHERE b.account_id = maevsi.account_id() ) */ ); -- Only allow inserts for events authored by user. CREATE POLICY event_category_mapping_insert ON maevsi.event_category_mapping FOR INSERT WITH CHECK ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = maevsi.account_id() ); -- Only allow deletes for events authored by user. CREATE POLICY event_category_mapping_delete ON maevsi.event_category_mapping FOR DELETE USING ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = maevsi.account_id() ); COMMIT; diff --git a/src/deploy/table_event_category_policy.sql b/src/deploy/table_event_category_policy.sql index a2ae6e91..12e81b89 100644 --- a/src/deploy/table_event_category_policy.sql +++ b/src/deploy/table_event_category_policy.sql @@ -1,9 +1,3 @@ --- Deploy maevsi:table_event_category_policy to pg --- requires: schema_public --- requires: table_event_category --- requires: role_anonymous --- requires: role_account - BEGIN; GRANT SELECT ON TABLE maevsi.event_category TO maevsi_anonymous, maevsi_account; diff --git a/src/deploy/table_event_recommendation.sql b/src/deploy/table_event_recommendation.sql index 371fdf6e..5921c689 100644 
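Review bot: The line changed at `WHERE b.account_id = maevsi.account_id()` sits inside a block comment (the closing `*/` follows it), so the blocked-account exclusion is not part of `event_category_mapping_select`. The comment above the policy, in the preceding hunk, nevertheless says that events from blocked users are excluded. I would reword that comment to what is enforced, e.g. `-- Only show mappings for events the account authored or is invited to; block filtering is not applied yet.`, and track the disabled filter in an issue rather than as commented-out SQL. The disabled fragment also selects `e.event_id` and joins on `e.account_id`, while the live policies read `id` and `author_account_id` from maevsi.event, so it would probably need rework before being enabled. The start of the block comment is outside this hunk.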
--- a/src/deploy/table_event_recommendation.sql +++ b/src/deploy/table_event_recommendation.sql @@ -1,8 +1,3 @@ --- Deploy maevsi:table_event_recommendation to pg --- requires: schema_public --- requires: table_account_public --- requires: table_event - BEGIN; CREATE TABLE maevsi.event_recommendation ( diff --git a/src/deploy/table_event_recommendation_policy.sql b/src/deploy/table_event_recommendation_policy.sql index f58cfd7c..156cbb55 100644 --- a/src/deploy/table_event_recommendation_policy.sql +++ b/src/deploy/table_event_recommendation_policy.sql @@ -1,8 +1,3 @@ --- Deploy maevsi:table_event_recommendation_policy to pg --- requires: schema_public --- requires: table_event_recommendation --- requires: role_anonymous - BEGIN; GRANT SELECT, INSERT, DELETE ON TABLE maevsi.event_recommendation TO maevsi_account; @@ -11,9 +6,9 @@ ALTER TABLE maevsi.event_recommendation ENABLE ROW LEVEL SECURITY; -- Only allow selects by the current user. CREATE POLICY event_recommendation_select ON maevsi.event_recommendation FOR SELECT USING ( - NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL + maevsi.account_id() IS NOT NULL AND - account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID + account_id = maevsi.account_id() ); COMMIT; diff --git a/src/revert/table_account_interest.sql b/src/revert/table_account_interest.sql index 7a4f3177..1359236b 100644 --- a/src/revert/table_account_interest.sql +++ b/src/revert/table_account_interest.sql @@ -1,5 +1,3 @@ --- Revert maevsi:table_account_interest from pg - BEGIN; DROP TABLE maevsi.account_interest; diff --git a/src/revert/table_account_interest_policy.sql b/src/revert/table_account_interest_policy.sql index 754eb33f..b2604c7e 100644 --- a/src/revert/table_account_interest_policy.sql +++ b/src/revert/table_account_interest_policy.sql @@ -1,5 +1,3 @@ --- Revert maevsi:table_account_interest_policy from pg - BEGIN; DROP POLICY account_interest_select ON maevsi.account_interest; 
diff --git a/src/revert/table_event_category.sql b/src/revert/table_event_category.sql index cbf7e910..11c54528 100644 --- a/src/revert/table_event_category.sql +++ b/src/revert/table_event_category.sql @@ -1,7 +1,5 @@ --- Revert maevsi:table_event_category from pg - -BEGIN; - -DROP TABLE maevsi.event_category; - -COMMIT; \ No newline at end of file +BEGIN; + +DROP TABLE maevsi.event_category; + +COMMIT; diff --git a/src/revert/table_event_category_mapping.sql b/src/revert/table_event_category_mapping.sql index a846e122..c0104d8f 100644 --- a/src/revert/table_event_category_mapping.sql +++ b/src/revert/table_event_category_mapping.sql @@ -1,5 +1,3 @@ --- Revert maevsi:table_event_category_mapping from pg - BEGIN; DROP TABLE maevsi.event_category_mapping; diff --git a/src/revert/table_event_category_mapping_policy.sql b/src/revert/table_event_category_mapping_policy.sql index bfe0023f..07325561 100644 --- a/src/revert/table_event_category_mapping_policy.sql +++ b/src/revert/table_event_category_mapping_policy.sql @@ -1,5 +1,3 @@ --- Revert maevsi:table_event_category_mapping_policy from pg - BEGIN; DROP POLICY event_category_mapping_select ON maevsi.event_category_mapping; diff --git a/src/revert/table_event_category_policy.sql b/src/revert/table_event_category_policy.sql index c3d3b283..c4c4836d 100644 --- a/src/revert/table_event_category_policy.sql +++ b/src/revert/table_event_category_policy.sql @@ -1,5 +1,3 @@ --- Revert maevsi:table_event_category_policy from pg - BEGIN; COMMIT; diff --git a/src/revert/table_event_recommendation.sql b/src/revert/table_event_recommendation.sql index 65fd67b3..58928388 100644 --- a/src/revert/table_event_recommendation.sql +++ b/src/revert/table_event_recommendation.sql @@ -1,5 +1,3 @@ --- Revert maevsi:table_event_recommendation from pg - BEGIN; DROP TABLE maevsi.event_recommendation; diff --git a/src/revert/table_event_recommendation_policy.sql b/src/revert/table_event_recommendation_policy.sql index 4484c3e7..2d38bd4b 100644 
--- a/src/revert/table_event_recommendation_policy.sql +++ b/src/revert/table_event_recommendation_policy.sql @@ -1,5 +1,3 @@ --- Revert maevsi:table_event_recommendation_policy from pg - BEGIN; DROP POLICY event_recommendation_select ON maevsi.event_recommendation; diff --git a/src/verify/privilege_execute_revoke.sql b/src/verify/privilege_execute_revoke.sql index fd7666be..6d177a04 100644 --- a/src/verify/privilege_execute_revoke.sql +++ b/src/verify/privilege_execute_revoke.sql @@ -1,5 +1,5 @@ BEGIN; --- XXX Add verifications here. +-- TODO: Add verifications here (https://github.com/maevsi/sqitch/issues/22) ROLLBACK; diff --git a/src/verify/table_account_interest.sql b/src/verify/table_account_interest.sql index 72162850..12c34884 100644 --- a/src/verify/table_account_interest.sql +++ b/src/verify/table_account_interest.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_account_interest on pg - BEGIN; SELECT account_id, diff --git a/src/verify/table_account_interest_policy.sql b/src/verify/table_account_interest_policy.sql index 3f1ad19e..7aef5fd4 100644 --- a/src/verify/table_account_interest_policy.sql +++ b/src/verify/table_account_interest_policy.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_account_interest_policy on pg - BEGIN; DO $$ diff --git a/src/verify/table_event_category.sql b/src/verify/table_event_category.sql index 4cfe1bd6..8d180230 100644 --- a/src/verify/table_event_category.sql +++ b/src/verify/table_event_category.sql @@ -1,8 +1,6 @@ --- Verify maevsi:table_event_category pg - -BEGIN; - -SELECT category -FROM maevsi.event_category WHERE FALSE; - -ROLLBACK; \ No newline at end of file +BEGIN; + +SELECT category +FROM maevsi.event_category WHERE FALSE; + +ROLLBACK; diff --git a/src/verify/table_event_category_mapping.sql b/src/verify/table_event_category_mapping.sql index e716087e..e8955543 100644 --- a/src/verify/table_event_category_mapping.sql +++ b/src/verify/table_event_category_mapping.sql 
@@ -1,5 +1,3 @@ --- Verify maevsi:table_event_category_mapping on pg - BEGIN; SELECT event_id, diff --git a/src/verify/table_event_category_mapping_policy.sql b/src/verify/table_event_category_mapping_policy.sql index b10b6fc8..297d538f 100644 --- a/src/verify/table_event_category_mapping_policy.sql +++ b/src/verify/table_event_category_mapping_policy.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_event_category_mapping_policy on pg - BEGIN; DO $$ diff --git a/src/verify/table_event_category_policy.sql b/src/verify/table_event_category_policy.sql index 4046d0af..c2c8fa67 100644 --- a/src/verify/table_event_category_policy.sql +++ b/src/verify/table_event_category_policy.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_event_category_policy on pg - BEGIN; DO $$ diff --git a/src/verify/table_event_recommendation.sql b/src/verify/table_event_recommendation.sql index 26a7b5ca..12516886 100644 --- a/src/verify/table_event_recommendation.sql +++ b/src/verify/table_event_recommendation.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_event_recommendation on pg - BEGIN; SELECT account_id, diff --git a/src/verify/table_event_recommendation_policy.sql b/src/verify/table_event_recommendation_policy.sql index c1619ae9..29a6ecc4 100644 --- a/src/verify/table_event_recommendation_policy.sql +++ b/src/verify/table_event_recommendation_policy.sql @@ -1,5 +1,3 @@ --- Verify maevsi:table_event_recommendation_policy on pg - BEGIN; DO $$ From 733ca8f667f70f218aa7bc09690582cf52ac8f96 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Thu, 12 Dec 2024 13:03:55 +0000 Subject: [PATCH 089/105] chore(release): 4.9.0 [skip ci] ## [4.9.0](https://github.com/maevsi/sqitch/compare/4.8.0...4.9.0) (2024-12-12) ### Features * **event-category-mapping:** check if invited ([4ba7dac](https://github.com/maevsi/sqitch/commit/4ba7dac31bb06937cf01829db9e58d98e9a9c723)) * **policy:** add policy to recommendation tables ([280f47b](https://github.com/maevsi/sqitch/commit/280f47b8fd93ee871f2bd25ba2daeaf5e496b84f)) * **recommendation:** add enum and tables needed for event recommendation ([7fb5e21](https://github.com/maevsi/sqitch/commit/7fb5e21f28fc70ea7bcbb6e764cd54cb5f0a899b)) * **recommendation:** several modifications to db schema ([8581ad0](https://github.com/maevsi/sqitch/commit/8581ad091bea58ff33fab8a31e1c9e8fd2f2c430)) * **revert:** add revert for recommendation tables ([cff0b7f](https://github.com/maevsi/sqitch/commit/cff0b7fdef045ac3f388553f7c4bbffb3a019c78)) * **schema:** fix small errors and build schema ([3183da0](https://github.com/maevsi/sqitch/commit/3183da01587f4b83e646a5158cb8fba42f44a7ff)) * **verify:** add verification for event recommendation tables ([1d6bb59](https://github.com/maevsi/sqitch/commit/1d6bb59a8cd21b4b3bc1c8a48161b3d3ff6226a3)) ### Bug Fixes * **build:** commit forgotten files ([d554d0f](https://github.com/maevsi/sqitch/commit/d554d0fe33d903da55a1b14ff9b35772ebad867b)) * **policy:** fix user check in event category mapping policy ([3dfd96a](https://github.com/maevsi/sqitch/commit/3dfd96ab1949933b6326e1762ee6461ff39eda60)) * **schema:** remove table prefix so schema can be build ([cc5be2d](https://github.com/maevsi/sqitch/commit/cc5be2d7f0db3a251337325ec0b3aa822d0f8482)) --- CHANGELOG.md | 18 ++++++++++++++++++ package.json | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5873900b..77717fbb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,21 @@ +## [4.9.0](https://github.com/maevsi/sqitch/compare/4.8.0...4.9.0) (2024-12-12) + +### Features + +* **event-category-mapping:** check if invited ([4ba7dac](https://github.com/maevsi/sqitch/commit/4ba7dac31bb06937cf01829db9e58d98e9a9c723)) +* **policy:** add policy to recommendation tables ([280f47b](https://github.com/maevsi/sqitch/commit/280f47b8fd93ee871f2bd25ba2daeaf5e496b84f)) +* **recommendation:** add enum and tables needed for event recommendation ([7fb5e21](https://github.com/maevsi/sqitch/commit/7fb5e21f28fc70ea7bcbb6e764cd54cb5f0a899b)) +* **recommendation:** several modifications to db schema ([8581ad0](https://github.com/maevsi/sqitch/commit/8581ad091bea58ff33fab8a31e1c9e8fd2f2c430)) +* **revert:** add revert for recommendation tables ([cff0b7f](https://github.com/maevsi/sqitch/commit/cff0b7fdef045ac3f388553f7c4bbffb3a019c78)) +* **schema:** fix small errors and build schema ([3183da0](https://github.com/maevsi/sqitch/commit/3183da01587f4b83e646a5158cb8fba42f44a7ff)) +* **verify:** add verification for event recommendation tables ([1d6bb59](https://github.com/maevsi/sqitch/commit/1d6bb59a8cd21b4b3bc1c8a48161b3d3ff6226a3)) + +### Bug Fixes + +* **build:** commit forgotten files ([d554d0f](https://github.com/maevsi/sqitch/commit/d554d0fe33d903da55a1b14ff9b35772ebad867b)) +* **policy:** fix user check in event category mapping policy ([3dfd96a](https://github.com/maevsi/sqitch/commit/3dfd96ab1949933b6326e1762ee6461ff39eda60)) +* **schema:** remove table prefix so schema can be build ([cc5be2d](https://github.com/maevsi/sqitch/commit/cc5be2d7f0db3a251337325ec0b3aa822d0f8482)) + ## [4.8.0](https://github.com/maevsi/sqitch/compare/4.7.0...4.8.0) (2024-12-12) ### Features diff --git a/package.json b/package.json index 34751ffe..339a08d1 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.8.0", + "version": "4.9.0", "private": true, "engines": { "node": "22" 
From 4724a4bee3d9cdbdcc5afb9b48378a69beca7ca8 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Fri, 13 Dec 2024 08:05:46 +0100 Subject: [PATCH 090/105] refactor(session): rename account id function --- schema/schema.definition.sql | 166 +++++++++--------- src/deploy/function_account_id.sql | 13 -- src/deploy/function_achievement_unlock.sql | 2 +- .../function_event_invitee_count_maximum.sql | 4 +- src/deploy/function_event_unlock.sql | 2 +- src/deploy/function_events_invited.sql | 2 +- src/deploy/function_events_organized.sql | 2 +- src/deploy/function_invoker_account_id.sql | 13 ++ src/deploy/table_account_interest_policy.sql | 6 +- ...e_account_preference_event_size_policy.sql | 6 +- .../table_account_social_network_policy.sql | 6 +- src/deploy/table_contact.sql | 6 +- src/deploy/table_contact_policy.sql | 20 +-- .../table_event_category_mapping_policy.sql | 14 +- src/deploy/table_event_policy.sql | 12 +- .../table_event_recommendation_policy.sql | 4 +- src/deploy/table_event_upload_policy.sql | 6 +- src/deploy/table_invitation_policy.sql | 18 +- src/deploy/table_legal_term_acceptance.sql | 8 +- src/deploy/table_profile_picture.sql | 12 +- src/deploy/table_report_policy.sql | 8 +- src/deploy/table_upload_policy.sql | 4 +- src/revert/function_account_id.sql | 5 - src/revert/function_invoker_account_id.sql | 5 + src/sqitch.plan | 32 ++-- ...id.sql => function_invoker_account_id.sql} | 4 +- 26 files changed, 190 insertions(+), 190 deletions(-) delete mode 100644 src/deploy/function_account_id.sql create mode 100644 src/deploy/function_invoker_account_id.sql delete mode 100644 src/revert/function_account_id.sql create mode 100644 src/revert/function_invoker_account_id.sql rename src/verify/{function_account_id.sql => function_invoker_account_id.sql} (62%) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index 5666f4de..e31e31d7 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
@@ -316,28 +316,6 @@ ALTER FUNCTION maevsi.account_email_address_verification(code uuid) OWNER TO pos COMMENT ON FUNCTION maevsi.account_email_address_verification(code uuid) IS 'Sets the account''s email address verification code to `NULL` for which the email address verification code equals the one passed and is up to date.'; --- --- Name: account_id(); Type: FUNCTION; Schema: maevsi; Owner: postgres --- - -CREATE FUNCTION maevsi.account_id() RETURNS uuid - LANGUAGE plpgsql STABLE STRICT SECURITY DEFINER - AS $$ -BEGIN - RETURN NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID; -END; -$$; - - -ALTER FUNCTION maevsi.account_id() OWNER TO postgres; - --- --- Name: FUNCTION account_id(); Type: COMMENT; Schema: maevsi; Owner: postgres --- - -COMMENT ON FUNCTION maevsi.account_id() IS 'Returns the session''s account id.'; - - -- -- Name: account_password_change(text, text); Type: FUNCTION; Schema: maevsi; Owner: postgres -- @@ -612,7 +590,7 @@ DECLARE _achievement maevsi.achievement_type; _achievement_id UUID; BEGIN - _account_id := maevsi.account_id(); + _account_id := maevsi.invoker_account_id(); SELECT achievement FROM maevsi_private.achievement_code @@ -932,9 +910,9 @@ BEGIN ) ) OR ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - "event".author_account_id = maevsi.account_id() + "event".author_account_id = maevsi.invoker_account_id() ) OR "event".id IN (SELECT maevsi_private.events_invited()) ) @@ -995,7 +973,7 @@ BEGIN _jwt_id := current_setting('jwt.claims.id', true)::UUID; _jwt := ( _jwt_id, - maevsi.account_id(), -- prevent empty string cast to UUID + maevsi.invoker_account_id(), -- prevent empty string cast to UUID current_setting('jwt.claims.account_username', true)::TEXT, current_setting('jwt.claims.exp', true)::BIGINT, (SELECT ARRAY(SELECT DISTINCT UNNEST(maevsi.invitation_claim_array() || $1) ORDER BY 1)), 
@@ -1057,7 +1035,7 @@ CREATE FUNCTION maevsi.events_organized() RETURNS TABLE(event_id uuid) DECLARE account_id UUID; BEGIN - account_id := maevsi.account_id(); + account_id := maevsi.invoker_account_id(); RETURN QUERY SELECT id FROM maevsi.event @@ -1237,6 +1215,28 @@ ALTER FUNCTION maevsi.invitee_count(event_id uuid) OWNER TO postgres; COMMENT ON FUNCTION maevsi.invitee_count(event_id uuid) IS 'Returns the invitee count for an event.'; +-- +-- Name: invoker_account_id(); Type: FUNCTION; Schema: maevsi; Owner: postgres +-- + +CREATE FUNCTION maevsi.invoker_account_id() RETURNS uuid + LANGUAGE plpgsql STABLE STRICT SECURITY DEFINER + AS $$ +BEGIN + RETURN NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID; +END; +$$; + + +ALTER FUNCTION maevsi.invoker_account_id() OWNER TO postgres; + +-- +-- Name: FUNCTION invoker_account_id(); Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON FUNCTION maevsi.invoker_account_id() IS 'Returns the session''s account id.'; + + -- -- Name: jwt_refresh(uuid); Type: FUNCTION; Schema: maevsi; Owner: postgres -- @@ -1365,15 +1365,15 @@ CREATE FUNCTION maevsi.trigger_contact_update_account_id() RETURNS trigger BEGIN IF ( -- invoked without account it - maevsi.account_id() IS NULL + maevsi.invoker_account_id() IS NULL OR -- invoked with account it -- and ( -- updating own account's contact - OLD.account_id = maevsi.account_id() + OLD.account_id = maevsi.invoker_account_id() AND - OLD.author_account_id = maevsi.account_id() + OLD.author_account_id = maevsi.invoker_account_id() AND ( -- trying to detach from account @@ -1416,12 +1416,12 @@ BEGIN OLD.id = ANY (maevsi.invitation_claim_array()) OR ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND OLD.contact_id IN ( SELECT id FROM maevsi.contact - WHERE contact.account_id = maevsi.account_id() + WHERE contact.account_id = maevsi.invoker_account_id() ) ) ) 
@@ -1436,7 +1436,7 @@ BEGIN RAISE 'You''re only allowed to alter these rows: %!', whitelisted_cols USING ERRCODE = 'insufficient_privilege'; ELSE NEW.updated_at = CURRENT_TIMESTAMP; - NEW.updated_by = maevsi.account_id(); + NEW.updated_by = maevsi.invoker_account_id(); RETURN NEW; END IF; END $$; @@ -1638,7 +1638,7 @@ CREATE FUNCTION maevsi_private.events_invited() RETURNS TABLE(event_id uuid) DECLARE jwt_account_id UUID; BEGIN - jwt_account_id := maevsi.account_id(); + jwt_account_id := maevsi.invoker_account_id(); RETURN QUERY SELECT invitation.event_id FROM maevsi.invitation @@ -4211,21 +4211,21 @@ ALTER TABLE maevsi.account_interest ENABLE ROW LEVEL SECURITY; -- Name: account_interest account_interest_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_interest_delete ON maevsi.account_interest FOR DELETE USING ((account_id = maevsi.account_id())); +CREATE POLICY account_interest_delete ON maevsi.account_interest FOR DELETE USING ((account_id = maevsi.invoker_account_id())); -- -- Name: account_interest account_interest_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_interest_insert ON maevsi.account_interest FOR INSERT WITH CHECK ((account_id = maevsi.account_id())); +CREATE POLICY account_interest_insert ON maevsi.account_interest FOR INSERT WITH CHECK ((account_id = maevsi.invoker_account_id())); -- -- Name: account_interest account_interest_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_interest_select ON maevsi.account_interest FOR SELECT USING ((account_id = maevsi.account_id())); +CREATE POLICY account_interest_select ON maevsi.account_interest FOR SELECT USING ((account_id = maevsi.invoker_account_id())); -- 
@@ -4238,21 +4238,21 @@ ALTER TABLE maevsi.account_preference_event_size ENABLE ROW LEVEL SECURITY; -- Name: account_preference_event_size account_preference_event_size_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_preference_event_size_delete ON maevsi.account_preference_event_size FOR DELETE USING ((account_id = maevsi.account_id())); +CREATE POLICY account_preference_event_size_delete ON maevsi.account_preference_event_size FOR DELETE USING ((account_id = maevsi.invoker_account_id())); -- -- Name: account_preference_event_size account_preference_event_size_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_preference_event_size_insert ON maevsi.account_preference_event_size FOR INSERT WITH CHECK ((account_id = maevsi.account_id())); +CREATE POLICY account_preference_event_size_insert ON maevsi.account_preference_event_size FOR INSERT WITH CHECK ((account_id = maevsi.invoker_account_id())); -- -- Name: account_preference_event_size account_preference_event_size_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_preference_event_size_select ON maevsi.account_preference_event_size FOR SELECT USING ((account_id = maevsi.account_id())); +CREATE POLICY account_preference_event_size_select ON maevsi.account_preference_event_size FOR SELECT USING ((account_id = maevsi.invoker_account_id())); -- 
@@ -4272,21 +4272,21 @@ ALTER TABLE maevsi.account_social_network ENABLE ROW LEVEL SECURITY; -- Name: account_social_network account_social_network_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_social_network_delete ON maevsi.account_social_network FOR DELETE USING ((account_id = maevsi.account_id())); +CREATE POLICY account_social_network_delete ON maevsi.account_social_network FOR DELETE USING ((account_id = maevsi.invoker_account_id())); -- -- Name: account_social_network account_social_network_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_social_network_insert ON maevsi.account_social_network FOR INSERT WITH CHECK ((account_id = maevsi.account_id())); +CREATE POLICY account_social_network_insert ON maevsi.account_social_network FOR INSERT WITH CHECK ((account_id = maevsi.invoker_account_id())); -- -- Name: account_social_network account_social_network_update; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY account_social_network_update ON maevsi.account_social_network FOR UPDATE USING ((account_id = maevsi.account_id())); +CREATE POLICY account_social_network_update ON maevsi.account_social_network FOR UPDATE USING ((account_id = maevsi.invoker_account_id())); -- 
@@ -4312,28 +4312,28 @@ ALTER TABLE maevsi.contact ENABLE ROW LEVEL SECURITY; -- Name: contact contact_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY contact_delete ON maevsi.contact FOR DELETE USING (((maevsi.account_id() IS NOT NULL) AND (author_account_id = maevsi.account_id()) AND (account_id IS DISTINCT FROM maevsi.account_id()))); +CREATE POLICY contact_delete ON maevsi.contact FOR DELETE USING (((maevsi.invoker_account_id() IS NOT NULL) AND (author_account_id = maevsi.invoker_account_id()) AND (account_id IS DISTINCT FROM maevsi.invoker_account_id()))); -- -- Name: contact contact_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY contact_insert ON maevsi.contact FOR INSERT WITH CHECK (((maevsi.account_id() IS NOT NULL) AND (author_account_id = maevsi.account_id()))); +CREATE POLICY contact_insert ON maevsi.contact FOR INSERT WITH CHECK (((maevsi.invoker_account_id() IS NOT NULL) AND (author_account_id = maevsi.invoker_account_id()))); -- -- Name: contact contact_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY contact_select ON maevsi.contact FOR SELECT USING ((((maevsi.account_id() IS NOT NULL) AND ((account_id = maevsi.account_id()) OR (author_account_id = maevsi.account_id()))) OR (id IN ( SELECT maevsi.invitation_contact_ids() AS invitation_contact_ids)))); +CREATE POLICY contact_select ON maevsi.contact FOR SELECT USING ((((maevsi.invoker_account_id() IS NOT NULL) AND ((account_id = maevsi.invoker_account_id()) OR (author_account_id = maevsi.invoker_account_id()))) OR (id IN ( SELECT maevsi.invitation_contact_ids() AS invitation_contact_ids)))); -- -- Name: contact contact_update; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY contact_update ON maevsi.contact FOR UPDATE USING (((maevsi.account_id() IS NOT NULL) AND (author_account_id = maevsi.account_id()))); +CREATE POLICY contact_update ON maevsi.contact FOR UPDATE USING (((maevsi.invoker_account_id() IS NOT NULL) 
AND (author_account_id = maevsi.invoker_account_id()))); -- 
@@ -4352,27 +4352,27 @@ ALTER TABLE maevsi.event_category_mapping ENABLE ROW LEVEL SECURITY; -- Name: event_category_mapping event_category_mapping_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_category_mapping_delete ON maevsi.event_category_mapping FOR DELETE USING (((maevsi.account_id() IS NOT NULL) AND (( SELECT event.author_account_id +CREATE POLICY event_category_mapping_delete ON maevsi.event_category_mapping FOR DELETE USING (((maevsi.invoker_account_id() IS NOT NULL) AND (( SELECT event.author_account_id FROM maevsi.event - WHERE (event.id = event_category_mapping.event_id)) = maevsi.account_id()))); + WHERE (event.id = event_category_mapping.event_id)) = maevsi.invoker_account_id()))); -- -- Name: event_category_mapping event_category_mapping_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_category_mapping_insert ON maevsi.event_category_mapping FOR INSERT WITH CHECK (((maevsi.account_id() IS NOT NULL) AND (( SELECT event.author_account_id +CREATE POLICY event_category_mapping_insert ON maevsi.event_category_mapping FOR INSERT WITH CHECK (((maevsi.invoker_account_id() IS NOT NULL) AND (( SELECT event.author_account_id FROM maevsi.event - WHERE (event.id = event_category_mapping.event_id)) = maevsi.account_id()))); + WHERE (event.id = event_category_mapping.event_id)) = maevsi.invoker_account_id()))); -- -- Name: event_category_mapping event_category_mapping_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR SELECT USING ((((maevsi.account_id() IS NOT NULL) AND (( SELECT event.author_account_id +CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR SELECT USING ((((maevsi.invoker_account_id() IS NOT NULL) AND (( SELECT event.author_account_id FROM maevsi.event - WHERE (event.id = event_category_mapping.event_id)) = maevsi.account_id())) OR (event_id IN ( SELECT 
maevsi_private.events_invited() AS events_invited)))); + WHERE (event.id = event_category_mapping.event_id)) = maevsi.invoker_account_id())) OR (event_id IN ( SELECT maevsi_private.events_invited() AS events_invited)))); -- @@ -4391,7 +4391,7 @@ ALTER TABLE maevsi.event_grouping ENABLE ROW LEVEL SECURITY; -- Name: event event_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_insert ON maevsi.event FOR INSERT WITH CHECK (((maevsi.account_id() IS NOT NULL) AND (author_account_id = maevsi.account_id()))); +CREATE POLICY event_insert ON maevsi.event FOR INSERT WITH CHECK (((maevsi.invoker_account_id() IS NOT NULL) AND (author_account_id = maevsi.invoker_account_id()))); -- 
@@ -4404,21 +4404,21 @@ ALTER TABLE maevsi.event_recommendation ENABLE ROW LEVEL SECURITY; -- Name: event_recommendation event_recommendation_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_recommendation_select ON maevsi.event_recommendation FOR SELECT USING (((maevsi.account_id() IS NOT NULL) AND (account_id = maevsi.account_id()))); +CREATE POLICY event_recommendation_select ON maevsi.event_recommendation FOR SELECT USING (((maevsi.invoker_account_id() IS NOT NULL) AND (account_id = maevsi.invoker_account_id()))); -- -- Name: event event_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_select ON maevsi.event FOR SELECT USING ((((visibility = 'public'::maevsi.event_visibility) AND ((invitee_count_maximum IS NULL) OR (invitee_count_maximum > maevsi.invitee_count(id)))) OR ((maevsi.account_id() IS NOT NULL) AND (author_account_id = maevsi.account_id())) OR (id IN ( SELECT maevsi_private.events_invited() AS events_invited)))); +CREATE POLICY event_select ON maevsi.event FOR SELECT USING ((((visibility = 'public'::maevsi.event_visibility) AND ((invitee_count_maximum IS NULL) OR (invitee_count_maximum > maevsi.invitee_count(id)))) OR ((maevsi.invoker_account_id() IS NOT NULL) AND (author_account_id = maevsi.invoker_account_id())) OR (id IN ( SELECT maevsi_private.events_invited() AS events_invited)))); -- -- Name: event event_update; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY event_update ON maevsi.event FOR UPDATE USING (((maevsi.account_id() IS NOT NULL) AND (author_account_id = maevsi.account_id()))); +CREATE POLICY event_update ON maevsi.event FOR UPDATE USING (((maevsi.invoker_account_id() IS NOT NULL) AND (author_account_id = maevsi.invoker_account_id()))); -- 
@@ -4433,7 +4433,7 @@ ALTER TABLE maevsi.event_upload ENABLE ROW LEVEL SECURITY; CREATE POLICY event_upload_delete ON maevsi.event_upload FOR DELETE USING ((event_id IN ( SELECT event.id FROM maevsi.event - WHERE (event.author_account_id = maevsi.account_id())))); + WHERE (event.author_account_id = maevsi.invoker_account_id())))); -- @@ -4442,9 +4442,9 @@ CREATE POLICY event_upload_delete ON maevsi.event_upload FOR DELETE USING ((even CREATE POLICY event_upload_insert ON maevsi.event_upload FOR INSERT WITH CHECK (((event_id IN ( SELECT event.id FROM maevsi.event - WHERE (event.author_account_id = maevsi.account_id()))) AND (upload_id IN ( SELECT upload.id + WHERE (event.author_account_id = maevsi.invoker_account_id()))) AND (upload_id IN ( SELECT upload.id FROM maevsi.upload - WHERE (upload.account_id = maevsi.account_id()))))); + WHERE (upload.account_id = maevsi.invoker_account_id()))))); -- 
@@ -4472,27 +4472,27 @@ CREATE POLICY invitation_delete ON maevsi.invitation FOR DELETE USING ((event_id -- Name: invitation invitation_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY invitation_insert ON maevsi.invitation FOR INSERT WITH CHECK (((event_id IN ( SELECT maevsi.events_organized() AS events_organized)) AND ((maevsi.event_invitee_count_maximum(event_id) IS NULL) OR (maevsi.event_invitee_count_maximum(event_id) > maevsi.invitee_count(event_id))) AND ((maevsi.account_id() IS NOT NULL) AND (contact_id IN ( SELECT contact.id +CREATE POLICY invitation_insert ON maevsi.invitation FOR INSERT WITH CHECK (((event_id IN ( SELECT maevsi.events_organized() AS events_organized)) AND ((maevsi.event_invitee_count_maximum(event_id) IS NULL) OR (maevsi.event_invitee_count_maximum(event_id) > maevsi.invitee_count(event_id))) AND ((maevsi.invoker_account_id() IS NOT NULL) AND (contact_id IN ( SELECT contact.id FROM maevsi.contact - WHERE (contact.author_account_id = maevsi.account_id())))))); + WHERE (contact.author_account_id = maevsi.invoker_account_id())))))); -- -- Name: invitation invitation_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY invitation_select ON maevsi.invitation FOR SELECT USING (((id = ANY (maevsi.invitation_claim_array())) OR ((maevsi.account_id() IS NOT NULL) AND (contact_id IN ( SELECT contact.id +CREATE POLICY invitation_select ON maevsi.invitation FOR SELECT USING (((id = ANY (maevsi.invitation_claim_array())) OR ((maevsi.invoker_account_id() IS NOT NULL) AND (contact_id IN ( SELECT contact.id FROM maevsi.contact - WHERE (contact.account_id = maevsi.account_id())))) OR (event_id IN ( SELECT maevsi.events_organized() AS events_organized)))); + WHERE (contact.account_id = maevsi.invoker_account_id())))) OR (event_id IN ( SELECT maevsi.events_organized() AS events_organized)))); -- -- Name: invitation invitation_update; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY invitation_update 
ON maevsi.invitation FOR UPDATE USING (((id = ANY (maevsi.invitation_claim_array())) OR ((maevsi.account_id() IS NOT NULL) AND (contact_id IN ( SELECT contact.id +CREATE POLICY invitation_update ON maevsi.invitation FOR UPDATE USING (((id = ANY (maevsi.invitation_claim_array())) OR ((maevsi.invoker_account_id() IS NOT NULL) AND (contact_id IN ( SELECT contact.id FROM maevsi.contact - WHERE (contact.account_id = maevsi.account_id())))) OR (event_id IN ( SELECT maevsi.events_organized() AS events_organized)))); + WHERE (contact.account_id = maevsi.invoker_account_id())))) OR (event_id IN ( SELECT maevsi.events_organized() AS events_organized)))); -- @@ -4511,14 +4511,14 @@ ALTER TABLE maevsi.legal_term_acceptance ENABLE ROW LEVEL SECURITY; -- Name: legal_term_acceptance legal_term_acceptance_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY legal_term_acceptance_insert ON maevsi.legal_term_acceptance FOR INSERT WITH CHECK (((maevsi.account_id() IS NOT NULL) AND (account_id = maevsi.account_id()))); +CREATE POLICY legal_term_acceptance_insert ON maevsi.legal_term_acceptance FOR INSERT WITH CHECK (((maevsi.invoker_account_id() IS NOT NULL) AND (account_id = maevsi.invoker_account_id()))); -- -- Name: legal_term_acceptance legal_term_acceptance_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY legal_term_acceptance_select ON maevsi.legal_term_acceptance FOR SELECT USING (((maevsi.account_id() IS NOT NULL) AND (account_id = maevsi.account_id()))); +CREATE POLICY legal_term_acceptance_select ON maevsi.legal_term_acceptance FOR SELECT USING (((maevsi.invoker_account_id() IS NOT NULL) AND (account_id = maevsi.invoker_account_id()))); -- 
@@ -4538,14 +4538,14 @@ ALTER TABLE maevsi.profile_picture ENABLE ROW LEVEL SECURITY; -- Name: profile_picture profile_picture_delete; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY profile_picture_delete ON maevsi.profile_picture FOR DELETE USING (((( SELECT CURRENT_USER AS "current_user") = 'maevsi_tusd'::name) OR ((maevsi.account_id() IS NOT NULL) AND (account_id = maevsi.account_id())))); +CREATE POLICY profile_picture_delete ON maevsi.profile_picture FOR DELETE USING (((( SELECT CURRENT_USER AS "current_user") = 'maevsi_tusd'::name) OR ((maevsi.invoker_account_id() IS NOT NULL) AND (account_id = maevsi.invoker_account_id())))); -- -- Name: profile_picture profile_picture_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY profile_picture_insert ON maevsi.profile_picture FOR INSERT WITH CHECK (((maevsi.account_id() IS NOT NULL) AND (account_id = maevsi.account_id()))); +CREATE POLICY profile_picture_insert ON maevsi.profile_picture FOR INSERT WITH CHECK (((maevsi.invoker_account_id() IS NOT NULL) AND (account_id = maevsi.invoker_account_id()))); -- @@ -4559,7 +4559,7 @@ CREATE POLICY profile_picture_select ON maevsi.profile_picture FOR SELECT USING -- Name: profile_picture profile_picture_update; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY profile_picture_update ON maevsi.profile_picture FOR UPDATE USING (((maevsi.account_id() IS NOT NULL) AND (account_id = maevsi.account_id()))); +CREATE POLICY profile_picture_update ON maevsi.profile_picture FOR UPDATE USING (((maevsi.invoker_account_id() IS NOT NULL) AND (account_id = maevsi.invoker_account_id()))); -- 
@@ -4572,14 +4572,14 @@ ALTER TABLE maevsi.report ENABLE ROW LEVEL SECURITY; -- Name: report report_insert; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY report_insert ON maevsi.report FOR INSERT WITH CHECK (((maevsi.account_id() IS NOT NULL) AND (author_account_id = maevsi.account_id()))); +CREATE POLICY report_insert ON maevsi.report FOR INSERT WITH CHECK (((maevsi.invoker_account_id() IS NOT NULL) AND (author_account_id = maevsi.invoker_account_id()))); -- -- Name: report report_select; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY report_select ON maevsi.report FOR SELECT USING (((maevsi.account_id() IS NOT NULL) AND (author_account_id = maevsi.account_id()))); +CREATE POLICY report_select ON maevsi.report FOR SELECT USING (((maevsi.invoker_account_id() IS NOT NULL) AND (author_account_id = maevsi.invoker_account_id()))); -- @@ -4599,7 +4599,7 @@ CREATE POLICY upload_delete_using ON maevsi.upload FOR DELETE USING ((( SELECT C -- Name: upload upload_select_using; Type: POLICY; Schema: maevsi; Owner: postgres -- -CREATE POLICY upload_select_using ON maevsi.upload FOR SELECT USING (((( SELECT CURRENT_USER AS "current_user") = 'maevsi_tusd'::name) OR ((maevsi.account_id() IS NOT NULL) AND (account_id = maevsi.account_id())) OR (id IN ( SELECT profile_picture.upload_id +CREATE POLICY upload_select_using ON maevsi.upload FOR SELECT USING (((( SELECT CURRENT_USER AS "current_user") = 'maevsi_tusd'::name) OR ((maevsi.invoker_account_id() IS NOT NULL) AND (account_id = maevsi.invoker_account_id())) OR (id IN ( SELECT profile_picture.upload_id FROM maevsi.profile_picture)))); 
@@ -4649,15 +4649,6 @@ GRANT ALL ON FUNCTION maevsi.account_email_address_verification(code uuid) TO ma GRANT ALL ON FUNCTION maevsi.account_email_address_verification(code uuid) TO maevsi_anonymous; --- --- Name: FUNCTION account_id(); Type: ACL; Schema: maevsi; Owner: postgres --- - -REVOKE ALL ON FUNCTION maevsi.account_id() FROM PUBLIC; -GRANT ALL ON FUNCTION maevsi.account_id() TO maevsi_account; -GRANT ALL ON FUNCTION maevsi.account_id() TO maevsi_anonymous; - - -- -- Name: FUNCTION account_password_change(password_current text, password_new text); Type: ACL; Schema: maevsi; Owner: postgres -- @@ -4925,6 +4916,15 @@ GRANT ALL ON FUNCTION maevsi.invitee_count(event_id uuid) TO maevsi_account; GRANT ALL ON FUNCTION maevsi.invitee_count(event_id uuid) TO maevsi_anonymous; +-- +-- Name: FUNCTION invoker_account_id(); Type: ACL; Schema: maevsi; Owner: postgres +-- + +REVOKE ALL ON FUNCTION maevsi.invoker_account_id() FROM PUBLIC; +GRANT ALL ON FUNCTION maevsi.invoker_account_id() TO maevsi_account; +GRANT ALL ON FUNCTION maevsi.invoker_account_id() TO maevsi_anonymous; + + -- -- Name: FUNCTION jwt_refresh(jwt_id uuid); Type: ACL; Schema: maevsi; Owner: postgres -- diff --git a/src/deploy/function_account_id.sql b/src/deploy/function_account_id.sql deleted file mode 100644 index c60fe2ab..00000000 --- a/src/deploy/function_account_id.sql +++ /dev/null @@ -1,13 +0,0 @@ -BEGIN; - -CREATE FUNCTION maevsi.account_id() RETURNS UUID AS $$ -BEGIN - RETURN NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID; -END; -$$ LANGUAGE PLPGSQL STRICT SECURITY DEFINER STABLE; - -COMMENT ON FUNCTION maevsi.account_id() IS 'Returns the session''s account id.'; - -GRANT EXECUTE ON FUNCTION maevsi.account_id() TO maevsi_account, maevsi_anonymous; - -COMMIT; diff --git a/src/deploy/function_achievement_unlock.sql b/src/deploy/function_achievement_unlock.sql index 5b6a4f0a..773d87ba 100644 --- a/src/deploy/function_achievement_unlock.sql 
+++ b/src/deploy/function_achievement_unlock.sql @@ -9,7 +9,7 @@ DECLARE _achievement maevsi.achievement_type; _achievement_id UUID; BEGIN - _account_id := maevsi.account_id(); + _account_id := maevsi.invoker_account_id(); SELECT achievement FROM maevsi_private.achievement_code diff --git a/src/deploy/function_event_invitee_count_maximum.sql b/src/deploy/function_event_invitee_count_maximum.sql index f8a0ada8..387fbb48 100644 --- a/src/deploy/function_event_invitee_count_maximum.sql +++ b/src/deploy/function_event_invitee_count_maximum.sql @@ -20,9 +20,9 @@ BEGIN ) ) OR ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - "event".author_account_id = maevsi.account_id() + "event".author_account_id = maevsi.invoker_account_id() ) OR "event".id IN (SELECT maevsi_private.events_invited()) ) diff --git a/src/deploy/function_event_unlock.sql b/src/deploy/function_event_unlock.sql index e432391d..8d4fe6a2 100644 --- a/src/deploy/function_event_unlock.sql +++ b/src/deploy/function_event_unlock.sql @@ -13,7 +13,7 @@ BEGIN _jwt_id := current_setting('jwt.claims.id', true)::UUID; _jwt := ( _jwt_id, - maevsi.account_id(), -- prevent empty string cast to UUID + maevsi.invoker_account_id(), -- prevent empty string cast to UUID current_setting('jwt.claims.account_username', true)::TEXT, current_setting('jwt.claims.exp', true)::BIGINT, (SELECT ARRAY(SELECT DISTINCT UNNEST(maevsi.invitation_claim_array() || $1) ORDER BY 1)), diff --git a/src/deploy/function_events_invited.sql b/src/deploy/function_events_invited.sql index ff05206e..69e16663 100644 --- a/src/deploy/function_events_invited.sql +++ b/src/deploy/function_events_invited.sql @@ -5,7 +5,7 @@ RETURNS TABLE (event_id UUID) AS $$ DECLARE jwt_account_id UUID; BEGIN - jwt_account_id := maevsi.account_id(); + jwt_account_id := maevsi.invoker_account_id(); RETURN QUERY SELECT invitation.event_id FROM maevsi.invitation 
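Review bot: In the src/deploy/function_event_unlock.sql hunk, the context line above the renamed call still casts `current_setting('jwt.claims.id', true)` straight to `UUID`. The account id, by contrast, goes through a helper whose inline comment says it exists to prevent an empty-string cast. If `jwt.claims.id` can be an empty string in a session (presumably the same case the helper guards against, though that is not shown here), the cast raises instead of yielding NULL. I would write `_jwt_id := NULLIF(current_setting('jwt.claims.id', true), '')::UUID;`. The function body starts and ends outside this hunk, so how a NULL `_jwt_id` is handled afterwards needs checking.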
diff --git a/src/deploy/function_events_organized.sql b/src/deploy/function_events_organized.sql index 638be1ef..00dd883c 100644 --- a/src/deploy/function_events_organized.sql +++ b/src/deploy/function_events_organized.sql @@ -5,7 +5,7 @@ RETURNS TABLE (event_id UUID) AS $$ DECLARE account_id UUID; BEGIN - account_id := maevsi.account_id(); + account_id := maevsi.invoker_account_id(); RETURN QUERY SELECT id FROM maevsi.event diff --git a/src/deploy/function_invoker_account_id.sql b/src/deploy/function_invoker_account_id.sql new file mode 100644 index 00000000..c2ef0658 --- /dev/null +++ b/src/deploy/function_invoker_account_id.sql @@ -0,0 +1,13 @@ +BEGIN; + +CREATE FUNCTION maevsi.invoker_account_id() RETURNS UUID AS $$ +BEGIN + RETURN NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID; +END; +$$ LANGUAGE PLPGSQL STRICT SECURITY DEFINER STABLE; + +COMMENT ON FUNCTION maevsi.invoker_account_id() IS 'Returns the session''s account id.'; + +GRANT EXECUTE ON FUNCTION maevsi.invoker_account_id() TO maevsi_account, maevsi_anonymous; + +COMMIT; diff --git a/src/deploy/table_account_interest_policy.sql b/src/deploy/table_account_interest_policy.sql index da216580..3f94072a 100644 --- a/src/deploy/table_account_interest_policy.sql +++ b/src/deploy/table_account_interest_policy.sql 
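Review bot: `maevsi.invoker_account_id()` in src/deploy/function_invoker_account_id.sql is created `SECURITY DEFINER` without a pinned `search_path`, yet its body only reads a session setting through `current_setting`, which needs no elevated rights. Running it with the owner's privileges adds risk for no benefit, and the new "invoker" name makes the mismatch harder to read; `STRICT` also has no effect on a function without arguments. I would end the definition with `$$ LANGUAGE PLPGSQL STABLE;`, or, if definer rights are needed for a reason not visible here, add `SET search_path = pg_catalog, pg_temp`. Every row-level policy in this patch compares against this value, so a comment should state that `jwt.claims.account_id` is trustworthy only when the API layer sets it and the granted roles cannot issue their own `SET` / `set_config` calls.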
@@ -6,17 +6,17 @@ ALTER TABLE maevsi.account_interest ENABLE ROW LEVEL SECURITY; -- Only allow selects by the current account. CREATE POLICY account_interest_select ON maevsi.account_interest FOR SELECT USING ( - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() ); -- Only allow inserts by the current account. CREATE POLICY account_interest_insert ON maevsi.account_interest FOR INSERT WITH CHECK ( - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() ); -- Only allow deletes by the current account. CREATE POLICY account_interest_delete ON maevsi.account_interest FOR DELETE USING ( - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() ); COMMIT; diff --git a/src/deploy/table_account_preference_event_size_policy.sql b/src/deploy/table_account_preference_event_size_policy.sql index d3b71411..004d967d 100644 --- a/src/deploy/table_account_preference_event_size_policy.sql +++ b/src/deploy/table_account_preference_event_size_policy.sql @@ -6,17 +6,17 @@ ALTER TABLE maevsi.account_preference_event_size ENABLE ROW LEVEL SECURITY; -- Only allow selects by the current account. CREATE POLICY account_preference_event_size_select ON maevsi.account_preference_event_size FOR SELECT USING ( - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() ); -- Only allow inserts by the current account. CREATE POLICY account_preference_event_size_insert ON maevsi.account_preference_event_size FOR INSERT WITH CHECK ( - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() ); -- Only allow deletes by the current account. CREATE POLICY account_preference_event_size_delete ON maevsi.account_preference_event_size FOR DELETE USING ( - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() ); COMMIT; diff --git a/src/deploy/table_account_social_network_policy.sql b/src/deploy/table_account_social_network_policy.sql index d25859ed..99c9eff9 100644 
--- a/src/deploy/table_account_social_network_policy.sql +++ b/src/deploy/table_account_social_network_policy.sql @@ -7,17 +7,17 @@ ALTER TABLE maevsi.account_social_network ENABLE ROW LEVEL SECURITY; -- Only allow inserting social links of the current account. CREATE POLICY account_social_network_insert ON maevsi.account_social_network FOR INSERT WITH CHECK ( - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() ); -- Only allow updating social links of the current account. CREATE POLICY account_social_network_update ON maevsi.account_social_network FOR UPDATE USING ( - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() ); -- Only allow deleting social links of the current account.. CREATE POLICY account_social_network_delete ON maevsi.account_social_network FOR DELETE USING ( - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() ); COMMIT; diff --git a/src/deploy/table_contact.sql b/src/deploy/table_contact.sql index 83fea948..7971d4c0 100644 --- a/src/deploy/table_contact.sql +++ b/src/deploy/table_contact.sql @@ -42,15 +42,15 @@ CREATE FUNCTION maevsi.trigger_contact_update_account_id() RETURNS TRIGGER AS $$ BEGIN IF ( -- invoked without account it - maevsi.account_id() IS NULL + maevsi.invoker_account_id() IS NULL OR -- invoked with account it -- and ( -- updating own account's contact - OLD.account_id = maevsi.account_id() + OLD.account_id = maevsi.invoker_account_id() AND - OLD.author_account_id = maevsi.account_id() + OLD.author_account_id = maevsi.invoker_account_id() AND ( -- trying to detach from account diff --git a/src/deploy/table_contact_policy.sql b/src/deploy/table_contact_policy.sql index be83c571..ee3dda8a 100644 --- a/src/deploy/table_contact_policy.sql +++ b/src/deploy/table_contact_policy.sql 
@@ -10,11 +10,11 @@ ALTER TABLE maevsi.contact ENABLE ROW LEVEL SECURITY; -- Only display contacts for which an accessible invitation exists. CREATE POLICY contact_select ON maevsi.contact FOR SELECT USING ( ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND ( - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() OR - author_account_id = maevsi.account_id() + author_account_id = maevsi.invoker_account_id() ) ) OR @@ -23,25 +23,25 @@ CREATE POLICY contact_select ON maevsi.contact FOR SELECT USING ( -- Only allow inserts for contacts authored by the invoker's account. CREATE POLICY contact_insert ON maevsi.contact FOR INSERT WITH CHECK ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - author_account_id = maevsi.account_id() + author_account_id = maevsi.invoker_account_id() ); -- Only allow updates for contacts authored by the invoker's account. CREATE POLICY contact_update ON maevsi.contact FOR UPDATE USING ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - author_account_id = maevsi.account_id() + author_account_id = maevsi.invoker_account_id() ); -- Only allow deletes for contacts authored by the invoker's account except for the own account's contact. CREATE POLICY contact_delete ON maevsi.contact FOR DELETE USING ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - author_account_id = maevsi.account_id() + author_account_id = maevsi.invoker_account_id() AND - account_id IS DISTINCT FROM maevsi.account_id() + account_id IS DISTINCT FROM maevsi.invoker_account_id() ); COMMIT; diff --git a/src/deploy/table_event_category_mapping_policy.sql b/src/deploy/table_event_category_mapping_policy.sql index aa1342b2..cfac16ea 100644 --- a/src/deploy/table_event_category_mapping_policy.sql +++ b/src/deploy/table_event_category_mapping_policy.sql 
@@ -9,9 +9,9 @@ ALTER TABLE maevsi.event_category_mapping ENABLE ROW LEVEL SECURITY; -- Exclude events created by a blocked user and invitated events where the invation comes form a blocked user. CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR SELECT USING ( ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND ( - (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = maevsi.account_id() + (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = maevsi.invoker_account_id() ) ) OR @@ -23,23 +23,23 @@ CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR AND event_id NOT IN ( SELECT e.event_id FROM maevsi.event e JOIN maevsi.account_block b ON e.account_id = b.blocked_account_id - WHERE b.account_id = maevsi.account_id() + WHERE b.account_id = maevsi.invoker_account_id() ) */ ); -- Only allow inserts for events authored by user. CREATE POLICY event_category_mapping_insert ON maevsi.event_category_mapping FOR INSERT WITH CHECK ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = maevsi.account_id() + (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = maevsi.invoker_account_id() ); -- Only allow deletes for events authored by user. CREATE POLICY event_category_mapping_delete ON maevsi.event_category_mapping FOR DELETE USING ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = maevsi.account_id() + (SELECT author_account_id FROM maevsi.event WHERE id = event_id) = maevsi.invoker_account_id() ); COMMIT; diff --git a/src/deploy/table_event_policy.sql b/src/deploy/table_event_policy.sql index b121f349..dd2c801f 100644 --- a/src/deploy/table_event_policy.sql +++ b/src/deploy/table_event_policy.sql 
@@ -20,25 +20,25 @@ CREATE POLICY event_select ON maevsi.event FOR SELECT USING ( ) ) OR ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - author_account_id = maevsi.account_id() + author_account_id = maevsi.invoker_account_id() ) OR id IN (SELECT maevsi_private.events_invited()) ); -- Only allow inserts for events authored by the current user. CREATE POLICY event_insert ON maevsi.event FOR INSERT WITH CHECK ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - author_account_id = maevsi.account_id() + author_account_id = maevsi.invoker_account_id() ); -- Only allow updates for events authored by the current user. CREATE POLICY event_update ON maevsi.event FOR UPDATE USING ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - author_account_id = maevsi.account_id() + author_account_id = maevsi.invoker_account_id() ); COMMIT; diff --git a/src/deploy/table_event_recommendation_policy.sql b/src/deploy/table_event_recommendation_policy.sql index 156cbb55..569f54bb 100644 --- a/src/deploy/table_event_recommendation_policy.sql +++ b/src/deploy/table_event_recommendation_policy.sql @@ -6,9 +6,9 @@ ALTER TABLE maevsi.event_recommendation ENABLE ROW LEVEL SECURITY; -- Only allow selects by the current user. CREATE POLICY event_recommendation_select ON maevsi.event_recommendation FOR SELECT USING ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() ); COMMIT; diff --git a/src/deploy/table_event_upload_policy.sql b/src/deploy/table_event_upload_policy.sql index cbbf3fbd..fd4f790c 100644 --- a/src/deploy/table_event_upload_policy.sql +++ b/src/deploy/table_event_upload_policy.sql 
@@ -17,12 +17,12 @@ CREATE POLICY event_upload_select ON maevsi.event_upload FOR SELECT USING ( CREATE POLICY event_upload_insert ON maevsi.event_upload FOR INSERT WITH CHECK ( event_id IN ( SELECT id FROM maevsi.event - WHERE author_account_id = maevsi.account_id() + WHERE author_account_id = maevsi.invoker_account_id() ) AND upload_id IN ( SELECT id FROM maevsi.upload - WHERE account_id = maevsi.account_id() + WHERE account_id = maevsi.invoker_account_id() ) ); @@ -30,7 +30,7 @@ CREATE POLICY event_upload_insert ON maevsi.event_upload FOR INSERT WITH CHECK ( CREATE POLICY event_upload_delete ON maevsi.event_upload FOR DELETE USING ( event_id IN ( SELECT id FROM maevsi.event - WHERE author_account_id = maevsi.account_id() + WHERE author_account_id = maevsi.invoker_account_id() ) ); diff --git a/src/deploy/table_invitation_policy.sql b/src/deploy/table_invitation_policy.sql index ca2ed432..c13ba154 100644 --- a/src/deploy/table_invitation_policy.sql +++ b/src/deploy/table_invitation_policy.sql @@ -12,12 +12,12 @@ CREATE POLICY invitation_select ON maevsi.invitation FOR SELECT USING ( id = ANY (maevsi.invitation_claim_array()) OR ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND contact_id IN ( SELECT id FROM maevsi.contact - WHERE contact.account_id = maevsi.account_id() + WHERE contact.account_id = maevsi.invoker_account_id() ) ) OR event_id IN (SELECT maevsi.events_organized()) @@ -35,12 +35,12 @@ CREATE POLICY invitation_insert ON maevsi.invitation FOR INSERT WITH CHECK ( ) AND ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND contact_id IN ( SELECT id FROM maevsi.contact - WHERE contact.author_account_id = maevsi.account_id() + WHERE contact.author_account_id = maevsi.invoker_account_id() ) ) ); 
@@ -52,12 +52,12 @@ CREATE POLICY invitation_update ON maevsi.invitation FOR UPDATE USING ( id = ANY (maevsi.invitation_claim_array()) OR ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND contact_id IN ( SELECT id FROM maevsi.contact - WHERE contact.account_id = maevsi.account_id() + WHERE contact.account_id = maevsi.invoker_account_id() ) ) OR event_id IN (SELECT maevsi.events_organized()) @@ -78,12 +78,12 @@ BEGIN OLD.id = ANY (maevsi.invitation_claim_array()) OR ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND OLD.contact_id IN ( SELECT id FROM maevsi.contact - WHERE contact.account_id = maevsi.account_id() + WHERE contact.account_id = maevsi.invoker_account_id() ) ) ) @@ -98,7 +98,7 @@ BEGIN RAISE 'You''re only allowed to alter these rows: %!', whitelisted_cols USING ERRCODE = 'insufficient_privilege'; ELSE NEW.updated_at = CURRENT_TIMESTAMP; - NEW.updated_by = maevsi.account_id(); + NEW.updated_by = maevsi.invoker_account_id(); RETURN NEW; END IF; END $$ LANGUAGE PLPGSQL STRICT VOLATILE SECURITY INVOKER; diff --git a/src/deploy/table_legal_term_acceptance.sql b/src/deploy/table_legal_term_acceptance.sql index caeaf15a..7a79d8e8 100644 --- a/src/deploy/table_legal_term_acceptance.sql +++ b/src/deploy/table_legal_term_acceptance.sql @@ -20,15 +20,15 @@ ALTER TABLE maevsi.legal_term_acceptance ENABLE ROW LEVEL SECURITY; -- Allow to select legal term acceptances for the own account. CREATE POLICY legal_term_acceptance_select ON maevsi.legal_term_acceptance FOR SELECT USING ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() ); CREATE POLICY legal_term_acceptance_insert ON maevsi.legal_term_acceptance FOR INSERT WITH CHECK ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() ); COMMIT; 
diff --git a/src/deploy/table_profile_picture.sql b/src/deploy/table_profile_picture.sql index 5ec93ce5..65b1b07d 100644 --- a/src/deploy/table_profile_picture.sql +++ b/src/deploy/table_profile_picture.sql @@ -24,16 +24,16 @@ CREATE POLICY profile_picture_select ON maevsi.profile_picture FOR SELECT USING -- Only allow inserts with a account id that matches the invoker's account id. CREATE POLICY profile_picture_insert ON maevsi.profile_picture FOR INSERT WITH CHECK ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() ); -- Only allow updates to the item with the account id that matches the invoker's account id. CREATE POLICY profile_picture_update ON maevsi.profile_picture FOR UPDATE USING ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() ); -- Only allow deletes for the item with the account id that matches the invoker's account id. @@ -41,9 +41,9 @@ CREATE POLICY profile_picture_delete ON maevsi.profile_picture FOR DELETE USING (SELECT current_user) = 'maevsi_tusd' OR ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() ) ); diff --git a/src/deploy/table_report_policy.sql b/src/deploy/table_report_policy.sql index 17965569..a1cad560 100644 --- a/src/deploy/table_report_policy.sql +++ b/src/deploy/table_report_policy.sql 
@@ -6,16 +6,16 @@ ALTER TABLE maevsi.report ENABLE ROW LEVEL SECURITY; -- Only allow inserts for reports authored by the current user. CREATE POLICY report_insert ON maevsi.report FOR INSERT WITH CHECK ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - author_account_id = maevsi.account_id() + author_account_id = maevsi.invoker_account_id() ); -- Only allow selects for reports authored by the current user. CREATE POLICY report_select ON maevsi.report FOR SELECT USING ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - author_account_id = maevsi.account_id() + author_account_id = maevsi.invoker_account_id() ); COMMIT; diff --git a/src/deploy/table_upload_policy.sql b/src/deploy/table_upload_policy.sql index 3cc1c8bb..d573d8b9 100644 --- a/src/deploy/table_upload_policy.sql +++ b/src/deploy/table_upload_policy.sql @@ -14,9 +14,9 @@ CREATE POLICY upload_select_using ON maevsi.upload FOR SELECT USING ( (SELECT current_user) = 'maevsi_tusd' OR ( - maevsi.account_id() IS NOT NULL + maevsi.invoker_account_id() IS NOT NULL AND - account_id = maevsi.account_id() + account_id = maevsi.invoker_account_id() ) OR id IN (SELECT upload_id FROM maevsi.profile_picture) diff --git a/src/revert/function_account_id.sql b/src/revert/function_account_id.sql deleted file mode 100644 index 4e828977..00000000 --- a/src/revert/function_account_id.sql +++ /dev/null @@ -1,5 +0,0 @@ -BEGIN; - -DROP FUNCTION maevsi.account_id; - -COMMIT; diff --git a/src/revert/function_invoker_account_id.sql b/src/revert/function_invoker_account_id.sql new file mode 100644 index 00000000..d20fbd7c --- /dev/null +++ b/src/revert/function_invoker_account_id.sql @@ -0,0 +1,5 @@ +BEGIN; + +DROP FUNCTION maevsi.invoker_account_id; + +COMMIT; diff --git a/src/sqitch.plan b/src/sqitch.plan index 85faf2b3..e30d7089 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan 
@@ -10,7 +10,7 @@ role_tusd [role_postgraphile] 1970-01-01T00:00:00Z Jonas Thelemann # Add public schema. schema_private 1970-01-01T00:00:00Z Jonas Thelemann # Add private schema. extension_pgcrypto [schema_public] 1970-01-01T00:00:00Z Jonas Thelemann # Add extension pgcrypto. -function_account_id [privilege_execute_revoke schema_public role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Returns the session's account id. +function_invoker_account_id [privilege_execute_revoke schema_public role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Returns the session's account id. enum_invitation_feedback [schema_public] 1970-01-01T00:00:00Z Jonas Thelemann # Possible answers to an invitation: accepted, canceled. enum_event_visibility [schema_public] 1970-01-01T00:00:00Z Jonas Thelemann # Possible visibilities of events and event groups: public, private. table_notification [schema_private] 1970-01-01T00:00:00Z Jonas Thelemann # Notifications that are sent via pg_notify. 
@@ -19,22 +19,22 @@ table_account_public [schema_public schema_private table_account_private] 1970-0 table_event_group [schema_public role_account role_anonymous table_account_public enum_event_visibility] 1970-01-01T00:00:00Z Jonas Thelemann # Add table event_group. index_event_group_author_username [table_event_group] 1970-01-01T00:00:00Z Jonas Thelemann # Add an index to the event group table's author_username field. table_event [schema_public role_account role_anonymous table_account_public] 1970-01-01T00:00:00Z Jonas Thelemann # Add table event. -function_events_organized [privilege_execute_revoke schema_public function_account_id table_event role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns all event ids for which the invoker is the author. +function_events_organized [privilege_execute_revoke schema_public function_invoker_account_id table_event role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns all event ids for which the invoker is the author. function_invitation_claim_array [privilege_execute_revoke schema_public role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns the current invitation claims as UUID array. index_event_author_username [table_event] 1970-01-01T00:00:00Z Jonas Thelemann # Add an index to the event table's username field. enum_invitation_feedback_paper 1970-01-01T00:00:00Z Jonas Thelemann # Possible choices on how to receive a paper invitation: paper, digital. enum_language [schema_public] 1970-01-01T00:00:00Z Jonas Thelemann # Supported ISO 639 language codes. -table_contact [schema_public table_account_public enum_language role_account function_account_id] 1970-01-01T00:00:00Z Jonas Thelemann # Add table contact. +table_contact [schema_public table_account_public enum_language role_account function_invoker_account_id] 1970-01-01T00:00:00Z Jonas Thelemann # Add table contact. 
table_invitation [schema_public table_event table_contact] 1970-01-01T00:00:00Z Jonas Thelemann # Add table invitation. -function_events_invited [privilege_execute_revoke schema_private schema_public function_account_id table_invitation table_contact role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns all event ids for which the invoker is invited. +function_events_invited [privilege_execute_revoke schema_private schema_public function_invoker_account_id table_invitation table_contact role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns all event ids for which the invoker is invited. function_invitation_contact_ids [privilege_execute_revoke schema_public table_invitation function_invitation_claim_array function_events_organized role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns all event ids for which the invoker is invited. -table_contact_policy [schema_public table_contact role_account role_anonymous function_account_id function_invitation_contact_ids] 1970-01-01T00:00:00Z Jonas Thelemann # Add policy for table contact. +table_contact_policy [schema_public table_contact role_account role_anonymous function_invoker_account_id function_invitation_contact_ids] 1970-01-01T00:00:00Z Jonas Thelemann # Add policy for table contact. function_invitee_count [privilege_execute_revoke schema_public table_invitation role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns the invitee count for an event. -table_event_policy [schema_public table_event role_account role_anonymous function_invitee_count function_account_id schema_private function_events_invited] 1970-01-01T00:00:00Z Jonas Thelemann # Add policy for table event. 
+table_event_policy [schema_public table_event role_account role_anonymous function_invitee_count function_invoker_account_id schema_private function_events_invited] 1970-01-01T00:00:00Z Jonas Thelemann # Add policy for table event. index_invitation_event_id [table_invitation] 1970-01-01T00:00:00Z Jonas Thelemann # Add an index to the invitation table's event_id field. index_invitation_contact_id [table_invitation] 1970-01-01T00:00:00Z Jonas Thelemann # Add an index to the invitation table's contact_id field. -function_event_invitee_count_maximum [privilege_execute_revoke schema_public table_event function_invitee_count function_account_id schema_private function_events_invited role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns the maximum invitee count of an accessible event. -table_invitation_policy [schema_public table_invitation role_account role_anonymous function_invitation_claim_array function_account_id function_events_organized function_event_invitee_count_maximum] 1970-01-01T00:00:00Z Jonas Thelemann # Add policy for table contact. +function_event_invitee_count_maximum [privilege_execute_revoke schema_public table_event function_invitee_count function_invoker_account_id schema_private function_events_invited role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that returns the maximum invitee count of an accessible event. +table_invitation_policy [schema_public table_invitation role_account role_anonymous function_invitation_claim_array function_invoker_account_id function_events_organized function_event_invitee_count_maximum] 1970-01-01T00:00:00Z Jonas Thelemann # Add policy for table contact. table_event_grouping [schema_public role_account role_anonymous table_event table_event_group] 1970-01-01T00:00:00Z Jonas Thelemann # Add table event grouping. 
index_event_grouping_event_id [table_event_grouping] 1970-01-01T00:00:00Z Jonas Thelemann # Add an index to the event grouping table's event_id field. index_event_grouping_event_group_id [table_event_grouping] 1970-01-01T00:00:00Z Jonas Thelemann # Add an index to the event grouping table's event_group_id field. 
@@ -44,12 +44,12 @@ table_jwt [schema_private] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function to authenticate accounts. function_account_password_change [privilege_execute_revoke schema_public schema_private role_account table_account_private extension_pgcrypto] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that allows to change an account's password. type_event_unlock_response [schema_public type_jwt] 1970-01-01T00:00:00Z Jonas Thelemann # Add a type that is returned by invitation id redemption. -function_event_unlock [privilege_execute_revoke schema_public function_account_id table_event table_invitation function_invitation_claim_array type_jwt table_jwt type_event_unlock_response] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that assigns an invitation to the current session +function_event_unlock [privilege_execute_revoke schema_public function_invoker_account_id table_event table_invitation function_invitation_claim_array type_jwt table_jwt type_event_unlock_response] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that assigns an invitation to the current session function_jwt_refresh [privilege_execute_revoke schema_public type_jwt table_jwt] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that refreshes tokens. table_upload [schema_public table_account_public] 1970-01-01T00:00:00Z Jonas Thelemann # An upload. function_upload_create [privilege_execute_revoke schema_public schema_private role_account table_upload table_account_private] 1970-01-01T00:00:00Z Jonas Thelemann # Creates an upload with the given size if quota is available. -table_profile_picture [schema_public table_account_public table_upload role_account role_anonymous role_tusd function_account_id] 1970-01-01T00:00:00Z Jonas Thelemann # Mapping of usernames to upload storage keys. -table_upload_policy [schema_public table_upload role_account role_anonymous role_tusd function_account_id] 1970-01-01T00:00:00Z Jonas Thelemann # Policies for uploads. 
+table_profile_picture [schema_public table_account_public table_upload role_account role_anonymous role_tusd function_invoker_account_id] 1970-01-01T00:00:00Z Jonas Thelemann # Mapping of usernames to upload storage keys. +table_upload_policy [schema_public table_upload role_account role_anonymous role_tusd function_invoker_account_id] 1970-01-01T00:00:00Z Jonas Thelemann # Policies for uploads. function_profile_picture_set [privilege_execute_revoke schema_public role_account table_profile_picture] 1970-01-01T00:00:00Z Jonas Thelemann # Sets the picture with the given storage key as the invoker's profile picture. function_event_delete [privilege_execute_revoke schema_public role_account table_account_private table_event extension_pgcrypto] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that allows to delete an event. function_account_delete [privilege_execute_revoke schema_public role_account table_account_private table_event extension_pgcrypto] 1970-01-01T00:00:00Z Jonas Thelemann # Add a function that allows to delete an account. 
@@ -66,17 +66,17 @@ role_grafana [database_grafana] 1970-01-01T00:00:00Z Jonas Thelemann # Achievement enumeration. table_achievement_code [schema_private schema_public enum_achievement_type] 1970-01-01T00:00:00Z Jonas Thelemann # Codes that unlock achievements. table_achievement [schema_public table_account_public enum_achievement_type role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Achievement unlocks by user. -function_achievement_unlock [privilege_execute_revoke schema_public enum_achievement_type function_account_id schema_private table_achievement_code table_achievement role_account] 1970-01-01T00:00:00Z Jonas Thelemann # Unlock achievements. +function_achievement_unlock [privilege_execute_revoke schema_public enum_achievement_type function_invoker_account_id schema_private table_achievement_code table_achievement role_account] 1970-01-01T00:00:00Z Jonas Thelemann # Unlock achievements. table_report [schema_public table_account_public table_event table_upload] 1970-01-01T00:00:00Z Marlon # Stores reports made by users on other users, events, or uploads for moderation purposes. -table_report_policy [schema_public table_report role_account function_account_id] 1970-01-01T00:00:00Z Marlon # Access policies for reports. +table_report_policy [schema_public table_report role_account function_invoker_account_id] 1970-01-01T00:00:00Z Marlon # Access policies for reports. table_legal_term [schema_public role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann # Legal terms like privacy policies or terms of service. -table_legal_term_acceptance [schema_public table_account_public table_legal_term role_account function_account_id] 1970-01-01T00:00:00Z Jonas Thelemann # Tracks each user account's acceptance of legal terms and conditions. 
+table_legal_term_acceptance [schema_public table_account_public table_legal_term role_account function_invoker_account_id] 1970-01-01T00:00:00Z Jonas Thelemann # Tracks each user account's acceptance of legal terms and conditions. enum_social_network [schema_public] 1970-01-01T00:00:00Z sven # Social networks. table_account_social_network [schema_public table_account_public enum_social_network] 1970-01-01T00:00:00Z sven # Links accounts to their social media profiles. -table_account_social_network_policy [schema_public table_account_social_network function_account_id role_account] 1970-01-01T00:00:00Z sven # Row level security policies for table account_social_network. +table_account_social_network_policy [schema_public table_account_social_network function_invoker_account_id role_account] 1970-01-01T00:00:00Z sven # Row level security policies for table account_social_network. enum_event_size [schema_public] 1970-01-01T00:00:00Z Sven Thelemann # Possible event sizes: small, medium, large, huge. table_account_preference_event_size [schema_public table_account_public enum_event_size] 1970-01-01T00:00:00Z Sven Thelemann # Table for the user accounts' preferred event sizes (M:N relationship). -table_account_preference_event_size_policy [schema_public table_account_preference_event_size function_account_id role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. +table_account_preference_event_size_policy [schema_public table_account_preference_event_size function_invoker_account_id role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. table_event_upload [schema_public table_event table_upload] 1970-01-01T00:00:00Z Sven Thelemann # Add table event_upload. table_event_upload_policy [schema_public table_event_upload role_account role_anonymous table_event table_upload] 1970-01-01T00:00:00Z Sven Thelemann # Grants and policies for table event_upload. 
view_invitation_flat [schema_public table_invitation table_contact table_event role_account role_anonymous] 1970-01-01T00:00:00Z Sven Thelemann # View returning flattened invitations. diff --git a/src/verify/function_account_id.sql b/src/verify/function_invoker_account_id.sql similarity index 62% rename from src/verify/function_account_id.sql rename to src/verify/function_invoker_account_id.sql index b5f28cc8..570f90db 100644 --- a/src/verify/function_account_id.sql +++ b/src/verify/function_invoker_account_id.sql @@ -2,8 +2,8 @@ BEGIN; DO $$ BEGIN - ASSERT (SELECT pg_catalog.has_function_privilege('maevsi_account', 'maevsi.account_id()', 'EXECUTE')); - ASSERT (SELECT pg_catalog.has_function_privilege('maevsi_anonymous', 'maevsi.account_id()', 'EXECUTE')); + ASSERT (SELECT pg_catalog.has_function_privilege('maevsi_account', 'maevsi.invoker_account_id()', 'EXECUTE')); + ASSERT (SELECT pg_catalog.has_function_privilege('maevsi_anonymous', 'maevsi.invoker_account_id()', 'EXECUTE')); END $$; ROLLBACK; From 0186f1b95901d24cf265d6e9fabcbfb009eca32d Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Fri, 13 Dec 2024 08:11:55 +0100 Subject: [PATCH 091/105] refactor(invitation): reformat flat view --- schema/schema.definition.sql | 64 +++++++++++++------------- src/deploy/view_invitation_flat.sql | 71 +++++++++++++++-------------- 2 files changed, 68 insertions(+), 67 deletions(-) diff --git a/schema/schema.definition.sql b/schema/schema.definition.sql index e31e31d7..55ecc4bc 100644 --- a/schema/schema.definition.sql +++ b/schema/schema.definition.sql 
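Review bot: The `table_event_upload_policy` entry in this hunk still declares only `[schema_public table_event_upload role_account role_anonymous table_event table_upload]`, although `src/deploy/table_event_upload_policy.sql` in this same patch calls `maevsi.invoker_account_id()` in its insert and delete policies. Adding `function_invoker_account_id` to that dependency list would match the other policy entries renamed here and keep Sqitch's dependency check aligned with what the row level security policies actually call. Plan entries for the other policy files touched by this patch are not all visible in these hunks and may need the same check.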
@@ -2367,38 +2367,38 @@ COMMENT ON COLUMN maevsi.invitation.feedback_paper IS 'The invitation''s paper f -- CREATE VIEW maevsi.invitation_flat WITH (security_invoker='true') AS - SELECT i.id AS invitation_id, - i.contact_id AS invitation_contact_id, - i.event_id AS invitation_event_id, - i.feedback AS invitation_feedback, - i.feedback_paper AS invitation_feedback_paper, - c.id AS contact_id, - c.account_id AS contact_account_id, - c.address AS contact_address, - c.author_account_id AS contact_author_account_id, - c.email_address AS contact_email_address, - c.email_address_hash AS contact_email_address_hash, - c.first_name AS contact_first_name, - c.last_name AS contact_last_name, - c.phone_number AS contact_phone_number, - c.url AS contact_url, - e.id AS event_id, - e.author_account_id AS event_author_account_id, - e.description AS event_description, - e.start AS event_start, - e."end" AS event_end, - e.invitee_count_maximum AS event_invitee_count_maximum, - e.is_archived AS event_is_archived, - e.is_in_person AS event_is_in_person, - e.is_remote AS event_is_remote, - e.location AS event_location, - e.name AS event_name, - e.slug AS event_slug, - e.url AS event_url, - e.visibility AS event_visibility - FROM ((maevsi.invitation i - JOIN maevsi.contact c ON ((i.contact_id = c.id))) - JOIN maevsi.event e ON ((i.event_id = e.id))); + SELECT invitation.id AS invitation_id, + invitation.contact_id AS invitation_contact_id, + invitation.event_id AS invitation_event_id, + invitation.feedback AS invitation_feedback, + invitation.feedback_paper AS invitation_feedback_paper, + contact.id AS contact_id, + contact.account_id AS contact_account_id, + contact.address AS contact_address, + contact.author_account_id AS contact_author_account_id, + contact.email_address AS contact_email_address, + contact.email_address_hash AS contact_email_address_hash, + contact.first_name AS contact_first_name, + contact.last_name AS contact_last_name, + contact.phone_number AS 
contact_phone_number, + contact.url AS contact_url, + event.id AS event_id, + event.author_account_id AS event_author_account_id, + event.description AS event_description, + event.start AS event_start, + event."end" AS event_end, + event.invitee_count_maximum AS event_invitee_count_maximum, + event.is_archived AS event_is_archived, + event.is_in_person AS event_is_in_person, + event.is_remote AS event_is_remote, + event.location AS event_location, + event.name AS event_name, + event.slug AS event_slug, + event.url AS event_url, + event.visibility AS event_visibility + FROM ((maevsi.invitation + JOIN maevsi.contact ON ((invitation.contact_id = contact.id))) + JOIN maevsi.event ON ((invitation.event_id = event.id))); ALTER VIEW maevsi.invitation_flat OWNER TO postgres; diff --git a/src/deploy/view_invitation_flat.sql b/src/deploy/view_invitation_flat.sql index ecbe5a30..a9be71af 100644 --- a/src/deploy/view_invitation_flat.sql +++ b/src/deploy/view_invitation_flat.sql 
@@ -1,39 +1,40 @@ BEGIN; -CREATE VIEW maevsi.invitation_flat -WITH (security_invoker) -AS SELECT - i.id AS invitation_id, - i.contact_id AS invitation_contact_id, - i.event_id AS invitation_event_id, - i.feedback AS invitation_feedback, - i.feedback_paper AS invitation_feedback_paper, - c.id AS contact_id, - c.account_id AS contact_account_id, - c.address AS contact_address, - c.author_account_id AS contact_author_account_id, - c.email_address AS contact_email_address, - c.email_address_hash AS contact_email_address_hash, - c.first_name AS contact_first_name , - c.last_name AS contact_last_name, - c.phone_number AS contact_phone_number, - c.url AS contact_url, - e.id AS event_id, - e.author_account_id AS event_author_account_id, - e.description AS event_description, - e.start AS event_start, - e.end AS event_end, - e.invitee_count_maximum AS event_invitee_count_maximum, - e.is_archived AS event_is_archived, - e.is_in_person AS event_is_in_person, - e.is_remote AS event_is_remote, - e.location AS event_location, - e.name AS event_name, - e.slug AS event_slug, - e.url AS event_url, - e.visibility AS event_visibility -FROM maevsi.invitation i - JOIN maevsi.contact c ON i.contact_id = c.id - JOIN maevsi.event e ON i.event_id = e.id; +CREATE VIEW maevsi.invitation_flat WITH (security_invoker) AS + SELECT + invitation.id AS invitation_id, + invitation.contact_id AS invitation_contact_id, + invitation.event_id AS invitation_event_id, + invitation.feedback AS invitation_feedback, + invitation.feedback_paper AS invitation_feedback_paper, + + contact.id AS contact_id, + contact.account_id AS contact_account_id, + contact.address AS contact_address, + contact.author_account_id AS contact_author_account_id, + contact.email_address AS contact_email_address, + contact.email_address_hash AS contact_email_address_hash, + contact.first_name AS contact_first_name , + contact.last_name AS contact_last_name, + contact.phone_number AS contact_phone_number, + contact.url AS contact_url, 
+ + event.id AS event_id, + event.author_account_id AS event_author_account_id, + event.description AS event_description, + event.start AS event_start, + event.end AS event_end, + event.invitee_count_maximum AS event_invitee_count_maximum, + event.is_archived AS event_is_archived, + event.is_in_person AS event_is_in_person, + event.is_remote AS event_is_remote, + event.location AS event_location, + event.name AS event_name, + event.slug AS event_slug, + event.url AS event_url, + event.visibility AS event_visibility + FROM maevsi.invitation + JOIN maevsi.contact ON invitation.contact_id = contact.id + JOIN maevsi.event ON invitation.event_id = event.id; COMMENT ON VIEW maevsi.invitation_flat IS 'View returning flattened invitations.'; From 8d80901ae78596e5441af8700fde9a91cdcda962 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Fri, 13 Dec 2024 08:46:25 +0100 Subject: [PATCH 092/105] docs(readme): add three way merge to git apply instruction --- README.md | 2 +- test/data.patch | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index d28facd2..0f23f9aa 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ For example, run `./sqitch deploy` to fill the database with structure like tabl In case you want to be able to simple call `sqitch deploy` without `./` instead, add an `alias sqitch="./sqitch"` to your shell configuration (`~/.bashrc`, `~/.zshrc`, ...). -The `test` directory contains the `data.patch` file that can be applied by running `git apply data.patch` to add basic test data to your working directory. +The `test` directory contains the `data.patch` file that can be applied by running `git apply --3way data.patch` to add basic test data to your working directory. ## Database Diagram diff --git a/test/data.patch b/test/data.patch index 3e7a2ca7..cc09630c 100644 --- a/test/data.patch +++ b/test/data.patch @@ -214,13 +214,13 @@ index 0000000..50ae98c + +COMMIT; 
diff --git a/src/sqitch.plan b/src/sqitch.plan -index 8419403..ed1309a 100644 +index e30d708..9c4498f 100644 --- a/src/sqitch.plan +++ b/src/sqitch.plan -@@ -76,3 +76,4 @@ table_account_social_network_policy [schema_public table_account_social_network - enum_event_size [schema_public] 1970-01-01T00:00:00Z Sven Thelemann # Possible event sizes: small, medium, large, huge. - table_account_preference_event_size [schema_public table_account_public enum_event_size] 1970-01-01T00:00:00Z Sven Thelemann # Table for the user accounts' preferred event sizes (M:N relationship). - table_account_preference_event_size_policy [schema_public table_account_preference_event_size role_account] 1970-01-01T00:00:00Z Sven Thelemann # Security policy for table account_event_size_pref. +@@ -88,3 +88,4 @@ table_event_category_mapping [schema_public table_event table_event_category] 19 + table_event_category_mapping_policy [schema_public table_event_category_mapping role_anonymous role_account table_event]1970-01-01T00:00:00Z marlon # Row level security policies for table table_event_category_mapping. + table_event_recommendation [schema_public table_account_public table_event] 1970-01-01T00:00:00Z marlon # Events recommended to a user account (M:N relationship). + table_event_recommendation_policy [schema_public table_event_recommendation role_account] 1970-01-01T00:00:00Z marlon # Row level security policies for table event_recommendation. +data_test 1970-01-01T00:00:00Z Jonas Thelemann # Add test data. diff --git a/src/verify/data_test.sql b/src/verify/data_test.sql new file mode 100644 From acaccfcf1fcedb85e95de27e45ae95a434c31709 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 15 Dec 2024 18:07:37 +0000 Subject: [PATCH 093/105] chore(deps): update dependency @commitlint/cli to v19.6.1 --- package.json | 2 +- pnpm-lock.yaml | 40 ++++++++++++++++++++-------------------- 2 files changed, 21 insertions(+), 21 deletions(-) 
diff --git a/package.json b/package.json index 339a08d1..bd81b275 100644 --- a/package.json +++ b/package.json @@ -10,7 +10,7 @@ "prepare": "husky" }, "devDependencies": { - "@commitlint/cli": "19.6.0", + "@commitlint/cli": "19.6.1", "@commitlint/config-conventional": "19.6.0", "conventional-changelog-conventionalcommits": "8.0.0", "husky": "9.1.7" diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index c1a31961..e3a4b01e 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -9,8 +9,8 @@ importers: .: devDependencies: '@commitlint/cli': - specifier: 19.6.0 - version: 19.6.0(@types/node@22.10.1)(typescript@5.7.2) + specifier: 19.6.1 + version: 19.6.1(@types/node@22.10.1)(typescript@5.7.2) '@commitlint/config-conventional': specifier: 19.6.0 version: 19.6.0 @@ -31,8 +31,8 @@ packages: resolution: {integrity: sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==} engines: {node: '>=6.9.0'} - '@commitlint/cli@19.6.0': - resolution: {integrity: sha512-v17BgGD9w5KnthaKxXnEg6KLq6DYiAxyiN44TpiRtqyW8NSq+Kx99mkEG8Qo6uu6cI5eMzMojW2muJxjmPnF8w==} + '@commitlint/cli@19.6.1': + resolution: {integrity: sha512-8hcyA6ZoHwWXC76BoC8qVOSr8xHy00LZhZpauiD0iO0VYbVhMnED0da85lTfIULxl7Lj4c6vZgF0Wu/ed1+jlQ==} engines: {node: '>=v18'} hasBin: true @@ -64,8 +64,8 @@ packages: resolution: {integrity: sha512-LRo7zDkXtcIrpco9RnfhOKeg8PAnE3oDDoalnrVU/EVaKHYBWYL1DlRR7+3AWn0JiBqD8yKOfetVxJGdEtZ0tg==} engines: {node: '>=v18'} - '@commitlint/load@19.5.0': - resolution: {integrity: sha512-INOUhkL/qaKqwcTUvCE8iIUf5XHsEPCLY9looJ/ipzi7jtGhgmtH7OOFiNvwYgH7mA8osUWOUDV8t4E2HAi4xA==} + '@commitlint/load@19.6.1': + resolution: {integrity: sha512-kE4mRKWWNju2QpsCWt428XBvUH55OET2N4QKQ0bF85qS/XbsRGG1MiTByDNlEVpEPceMkDr46LNH95DtRwcsfA==} engines: {node: '>=v18'} '@commitlint/message@19.5.0': 
@@ -166,13 +166,13 @@ packages: engines: {node: '>=16'} hasBin: true - cosmiconfig-typescript-loader@5.1.0: - resolution: {integrity: sha512-7PtBB+6FdsOvZyJtlF3hEPpACq7RQX6BVGsgC7/lfVXnKMvNCu/XY3ykreqG5w/rBNdu2z8LCIKoF3kpHHdHlA==} - engines: {node: '>=v16'} + cosmiconfig-typescript-loader@6.1.0: + resolution: {integrity: sha512-tJ1w35ZRUiM5FeTzT7DtYWAFFv37ZLqSRkGi2oeCK1gPhvaWjkAtfXvLmvE1pRfxxp9aQo6ba/Pvg1dKj05D4g==} + engines: {node: '>=v18'} peerDependencies: '@types/node': '*' - cosmiconfig: '>=8.2' - typescript: '>=4' + cosmiconfig: '>=9' + typescript: '>=5' cosmiconfig@9.0.0: resolution: {integrity: sha512-itvL5h8RETACmOTFc4UfIyB2RfEHi71Ax6E/PivVxq9NseKbOWpeyHEOIbmAw1rs8Ak0VursQNww7lf7YtUwzg==} @@ -259,8 +259,8 @@ packages: resolution: {integrity: sha512-+oDTluR6WEjdXEJMnC2z6A4FRwFoYuvShVVEGsS7ewc0UTi2QtAKMDJuL4BDEVt+5T7MjFo12RP8ghOM75oKJw==} engines: {node: '>=8'} - jiti@1.21.6: - resolution: {integrity: sha512-2yTgeWTWzMWkHu6Jp9NKgePDaYHbntiwvYuuJLbbN9vl7DC9DvXKOB2BC3ZZ92D3cvV/aflH0osDfwpHepQ53w==} + jiti@2.4.1: + resolution: {integrity: sha512-yPBThwecp1wS9DmoA4x4KR2h3QoslacnDR8ypuFM962kI4/456Iy1oHx2RAgh4jfZNdn0bctsdadceiBUgpU1g==} hasBin: true js-tokens@4.0.0: @@ -429,11 +429,11 @@ snapshots: '@babel/helper-validator-identifier@7.25.9': {} - '@commitlint/cli@19.6.0(@types/node@22.10.1)(typescript@5.7.2)': + '@commitlint/cli@19.6.1(@types/node@22.10.1)(typescript@5.7.2)': dependencies: '@commitlint/format': 19.5.0 '@commitlint/lint': 19.6.0 - '@commitlint/load': 19.5.0(@types/node@22.10.1)(typescript@5.7.2) + '@commitlint/load': 19.6.1(@types/node@22.10.1)(typescript@5.7.2) '@commitlint/read': 19.5.0 '@commitlint/types': 19.5.0 tinyexec: 0.3.1 @@ -480,7 +480,7 @@ snapshots: '@commitlint/rules': 19.6.0 '@commitlint/types': 19.5.0 - '@commitlint/load@19.5.0(@types/node@22.10.1)(typescript@5.7.2)': + '@commitlint/load@19.6.1(@types/node@22.10.1)(typescript@5.7.2)': dependencies: '@commitlint/config-validator': 19.5.0 '@commitlint/execute-rule': 19.5.0 
@@ -488,7 +488,7 @@ snapshots: '@commitlint/types': 19.5.0 chalk: 5.3.0 cosmiconfig: 9.0.0(typescript@5.7.2) - cosmiconfig-typescript-loader: 5.1.0(@types/node@22.10.1)(cosmiconfig@9.0.0(typescript@5.7.2))(typescript@5.7.2) + cosmiconfig-typescript-loader: 6.1.0(@types/node@22.10.1)(cosmiconfig@9.0.0(typescript@5.7.2))(typescript@5.7.2) lodash.isplainobject: 4.0.6 lodash.merge: 4.6.2 lodash.uniq: 4.5.0 @@ -609,11 +609,11 @@ snapshots: meow: 12.1.1 split2: 4.2.0 - cosmiconfig-typescript-loader@5.1.0(@types/node@22.10.1)(cosmiconfig@9.0.0(typescript@5.7.2))(typescript@5.7.2): + cosmiconfig-typescript-loader@6.1.0(@types/node@22.10.1)(cosmiconfig@9.0.0(typescript@5.7.2))(typescript@5.7.2): dependencies: '@types/node': 22.10.1 cosmiconfig: 9.0.0(typescript@5.7.2) - jiti: 1.21.6 + jiti: 2.4.1 typescript: 5.7.2 cosmiconfig@9.0.0(typescript@5.7.2): @@ -684,7 +684,7 @@ snapshots: dependencies: text-extensions: 2.4.0 - jiti@1.21.6: {} + jiti@2.4.1: {} js-tokens@4.0.0: {} From 6f8cc8ee53d98a68db0bffdb2dad6bb2dab9698f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 00:23:55 +0000 Subject: [PATCH 094/105] chore(deps): lock file maintenance --- pnpm-lock.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index e3a4b01e..d5b16921 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -10,7 +10,7 @@ importers: devDependencies: '@commitlint/cli': specifier: 19.6.1 - version: 19.6.1(@types/node@22.10.1)(typescript@5.7.2) + version: 19.6.1(@types/node@22.10.2)(typescript@5.7.2) '@commitlint/config-conventional': specifier: 19.6.0 version: 19.6.0 
@@ -103,8 +103,8 @@ packages: '@types/conventional-commits-parser@5.0.1': resolution: {integrity: sha512-7uz5EHdzz2TqoMfV7ee61Egf5y6NkcO4FB/1iCCQnbeiI1F3xzv3vK5dBCXUCLQgGYS+mUeigK1iKQzvED+QnQ==} - '@types/node@22.10.1': - resolution: {integrity: sha512-qKgsUwfHZV2WCWLAnVP1JqnpE6Im6h3Y0+fYgMTasNQ7V++CBX5OT1as0g0f+OyubbFqhf6XVNIsmN4IIhEgGQ==} + '@types/node@22.10.2': + resolution: {integrity: sha512-Xxr6BBRCAOQixvonOye19wnzyDiUtTeqldOOmj3CkeblonbccA12PFwlufvRdrpjXxqnmUaeiU5EOA+7s5diUQ==} JSONStream@1.3.5: resolution: {integrity: sha512-E+iruNOY8VV9s4JEbe1aNEm6MiszPRr/UfcHMz0TQh1BXSxHK+ASV1R6W4HpjBhSeS+54PIsAMCBmwD06LLsqQ==} @@ -429,11 +429,11 @@ snapshots: '@babel/helper-validator-identifier@7.25.9': {} - '@commitlint/cli@19.6.1(@types/node@22.10.1)(typescript@5.7.2)': + '@commitlint/cli@19.6.1(@types/node@22.10.2)(typescript@5.7.2)': dependencies: '@commitlint/format': 19.5.0 '@commitlint/lint': 19.6.0 - '@commitlint/load': 19.6.1(@types/node@22.10.1)(typescript@5.7.2) + '@commitlint/load': 19.6.1(@types/node@22.10.2)(typescript@5.7.2) '@commitlint/read': 19.5.0 '@commitlint/types': 19.5.0 tinyexec: 0.3.1 @@ -480,7 +480,7 @@ snapshots: '@commitlint/rules': 19.6.0 '@commitlint/types': 19.5.0 - '@commitlint/load@19.6.1(@types/node@22.10.1)(typescript@5.7.2)': + '@commitlint/load@19.6.1(@types/node@22.10.2)(typescript@5.7.2)': dependencies: '@commitlint/config-validator': 19.5.0 '@commitlint/execute-rule': 19.5.0 @@ -488,7 +488,7 @@ snapshots: '@commitlint/types': 19.5.0 chalk: 5.3.0 cosmiconfig: 9.0.0(typescript@5.7.2) - cosmiconfig-typescript-loader: 6.1.0(@types/node@22.10.1)(cosmiconfig@9.0.0(typescript@5.7.2))(typescript@5.7.2) + cosmiconfig-typescript-loader: 6.1.0(@types/node@22.10.2)(cosmiconfig@9.0.0(typescript@5.7.2))(typescript@5.7.2) lodash.isplainobject: 4.0.6 lodash.merge: 4.6.2 lodash.uniq: 4.5.0 
@@ -541,9 +541,9 @@ snapshots: '@types/conventional-commits-parser@5.0.1': dependencies: - '@types/node': 22.10.1 + '@types/node': 22.10.2 - '@types/node@22.10.1': + '@types/node@22.10.2': dependencies: undici-types: 6.20.0 @@ -609,9 +609,9 @@ snapshots: meow: 12.1.1 split2: 4.2.0 - cosmiconfig-typescript-loader@6.1.0(@types/node@22.10.1)(cosmiconfig@9.0.0(typescript@5.7.2))(typescript@5.7.2): + cosmiconfig-typescript-loader@6.1.0(@types/node@22.10.2)(cosmiconfig@9.0.0(typescript@5.7.2))(typescript@5.7.2): dependencies: - '@types/node': 22.10.1 + '@types/node': 22.10.2 cosmiconfig: 9.0.0(typescript@5.7.2) jiti: 2.4.1 typescript: 5.7.2 From 3ead5b32ff070c519d7fbda617a2066552fddde0 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Mon, 16 Dec 2024 04:46:08 +0100 Subject: [PATCH 095/105] refactor(schema): move into test directory (#104) --- CONTRIBUTING.md | 2 +- Dockerfile | 38 +++++++++++++------ {schema => test/schema}/schema-update.sh | 0 {schema => test/schema}/schema.definition.sql | 0 4 files changed, 27 insertions(+), 13 deletions(-) rename {schema => test/schema}/schema-update.sh (100%) rename {schema => test/schema}/schema.definition.sql (100%) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d20a12d2..c74751df 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -36,7 +36,7 @@ Please make sure that the queries and mutations listed on the page align with th Before submitting a pull request, it's important to update the schema artifacts to ensure consistency. We have a script to make this process easier. Run the following command: ``` -schema/schema-update.sh +test/schema/schema-update.sh ``` This script will regenerate the necessary schema files and update other artifacts as needed. Make sure to include these changes in your pull request. diff --git a/Dockerfile b/Dockerfile index 4ab39a12..31f298f3 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -2,18 +2,28 @@ # check=skip=SecretsUsedInArgOrEnv ############################## -FROM sqitch/sqitch:v1.4.1.3 AS development +FROM sqitch/sqitch:v1.4.1.3 AS prepare WORKDIR /srv/app + +############################## +FROM prepare AS development + VOLUME /srv/app -ENTRYPOINT ["/srv/app/docker-entrypoint.sh"] +ENTRYPOINT ["docker-entrypoint.sh"] CMD ["sqitch", "--chdir", "src", "deploy", "&&", "sleep", "infinity"] ########################### -FROM postgres:17.2 AS build +FROM prepare AS build + +COPY ./src ./ + + +########################### +FROM postgres:17.2 AS test-build ENV POSTGRES_DB=maevsi ENV POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password @@ -41,26 +51,30 @@ RUN export SQITCH_TARGET="$(cat SQITCH_TARGET.env)" \ && pg_dump -s -h localhost -U postgres -p 5432 maevsi | sed -e '/^-- Dumped/d' > schema.sql \ && sqitch revert -t db:pg://postgres:postgres@/maevsi -############################## -FROM alpine:3.21.0 AS validate -WORKDIR /srv/app +############################## +FROM test-build AS test -COPY ./schema ./ -COPY --from=build /srv/app ./ +COPY ./test/schema/schema.definition.sql ./ RUN diff schema.definition.sql schema.sql ############################## -FROM sqitch/sqitch:v1.4.1.3 AS production +FROM prepare AS collect -ENV ENV=production +COPY --from=test /srv/app/schema.sql /dev/null +COPY --from=build /srv/app ./ -WORKDIR /srv/app + +############################## +FROM collect AS production + +# used in docker entrypoint +ENV ENV=production COPY ./docker-entrypoint.sh /usr/local/bin/ -COPY --from=validate /srv/app ./ +COPY --from=collect /srv/app ./ ENTRYPOINT ["docker-entrypoint.sh"] CMD ["sqitch", "deploy", "&&", "sleep", "infinity"] diff --git a/schema/schema-update.sh b/test/schema/schema-update.sh similarity index 100% rename from schema/schema-update.sh rename to test/schema/schema-update.sh 
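Review bot: The `development` stage now starts `ENTRYPOINT ["docker-entrypoint.sh"]` by bare name, which the exec form resolves through `PATH`, but nothing in this stage puts the script there; only the `production` stage further down runs `COPY ./docker-entrypoint.sh /usr/local/bin/`. Unless the base image or a bind mount not visible here supplies it, the development container will fail to start. Moving `COPY ./docker-entrypoint.sh /usr/local/bin/` into the shared `prepare` stage would give both targets the same entrypoint file.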
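Review bot: `COPY --from=test /srv/app/schema.sql /dev/null` in the `collect` stage has no comment, and it appears to exist only to make the production build depend on the `test` stage, so that the `RUN diff schema.definition.sql schema.sql` gate cannot be skipped. A line such as `# Forces the test stage (schema diff) to run before the image is assembled.` above it would keep a later cleanup from removing the gate. In the `production` stage, `COPY --from=collect /srv/app ./` copies from the stage it is already built `FROM`, so it looks redundant and can probably be dropped.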
diff --git a/schema/schema.definition.sql b/test/schema/schema.definition.sql similarity index 100% rename from schema/schema.definition.sql rename to test/schema/schema.definition.sql From dd431d69e7216516364c8e98a67478afad392e63 Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Mon, 16 Dec 2024 04:53:11 +0100 Subject: [PATCH 096/105] test(schema): correct build script command --- test/schema/schema-update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/schema/schema-update.sh b/test/schema/schema-update.sh index 8425572a..19c94248 100755 --- a/test/schema/schema-update.sh +++ b/test/schema/schema-update.sh @@ -3,7 +3,7 @@ THIS=$(dirname "$(readlink -f "$0")") image=maevsi/sqitch -sudo docker build -t "$image:build" --target build "$THIS/.." # --no-cache --progress plain +sudo docker build -t "$image:build" --target test-build "$THIS/../.." # --no-cache --progress plain container_id="$(sudo docker create $image:build)" sudo docker cp "$container_id:/srv/app/schema.sql" "$THIS/schema.definition.sql" From 7f680fdf32c6c0f9b7094195806b1698ad5790ab Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 04:41:31 +0000 Subject: [PATCH 097/105] chore(deps): update dargmuesli/github-actions action to v2.3.9 --- .github/workflows/ci.yml | 6 +++--- .github/workflows/release-schedule.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3e82c671..1340b6f4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,7 +25,7 @@ jobs: release_semantic_dry: needs: prepare_jobs name: Release (semantic, dry) - uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.8 + uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.9 if: needs.prepare_jobs.outputs.pr_found == 'false' || github.event_name == 'pull_request' permissions: contents: write 
@@ -35,7 +35,7 @@ jobs: DRY_RUN: true build: name: Build - uses: dargmuesli/github-actions/.github/workflows/docker.yml@2.3.8 + uses: dargmuesli/github-actions/.github/workflows/docker.yml@2.3.9 needs: release_semantic_dry permissions: packages: write @@ -44,7 +44,7 @@ jobs: release_semantic: needs: build name: Release (semantic) - uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.8 + uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.3.9 permissions: contents: write secrets: diff --git a/.github/workflows/release-schedule.yml b/.github/workflows/release-schedule.yml index 8736496d..ba1bb14e 100644 --- a/.github/workflows/release-schedule.yml +++ b/.github/workflows/release-schedule.yml @@ -8,7 +8,7 @@ on: jobs: release-schedule: name: "Release: Scheduled" - uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2.3.8 + uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2.3.9 secrets: PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} with: From fecd16ea860a18f0cfdaa7f0118899acf4133cce Mon Sep 17 00:00:00 2001 From: Jonas Thelemann Date: Wed, 18 Dec 2024 12:08:17 +0100 Subject: [PATCH 098/105] fix(role): drop before creation (#106) --- src/deploy/role_account.sql | 1 + src/deploy/role_anonymous.sql | 1 + src/deploy/role_grafana.sql | 1 + src/deploy/role_postgraphile.sql | 2 ++ src/deploy/role_tusd.sql | 2 ++ 5 files changed, 7 insertions(+) diff --git a/src/deploy/role_account.sql b/src/deploy/role_account.sql index 7db9cc08..49adaa71 100644 --- a/src/deploy/role_account.sql +++ b/src/deploy/role_account.sql @@ -1,5 +1,6 @@ BEGIN; +DROP ROLE IF EXISTS maevsi_account; CREATE ROLE maevsi_account; GRANT maevsi_account to maevsi_postgraphile; diff --git a/src/deploy/role_anonymous.sql b/src/deploy/role_anonymous.sql index ab877900..f7daa6c6 100644 --- a/src/deploy/role_anonymous.sql +++ b/src/deploy/role_anonymous.sql 
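Review bot: `DROP ROLE IF EXISTS maevsi_account;` ahead of `CREATE ROLE` only works while the existing role holds no privileges and owns no objects in any database of the cluster; otherwise PostgreSQL raises an error and the deploy transaction aborts. Where the drop does succeed it also removes the role's memberships, and because roles are cluster-wide it acts on any same-named role, not just one left by this project. The same pattern is added in role_anonymous.sql, role_grafana.sql, role_postgraphile.sql and role_tusd.sql. A comment stating the intended case would help, e.g. `-- Remove a leftover role from an earlier deployment; fails if the role still holds privileges.`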
@@ -1,5 +1,6 @@ BEGIN; +DROP ROLE IF EXISTS maevsi_anonymous; CREATE ROLE maevsi_anonymous; GRANT maevsi_anonymous to maevsi_postgraphile; diff --git a/src/deploy/role_grafana.sql b/src/deploy/role_grafana.sql index ea0acc8f..fd773cf0 100644 --- a/src/deploy/role_grafana.sql +++ b/src/deploy/role_grafana.sql @@ -5,6 +5,7 @@ BEGIN; \set role_grafana_password `cat /run/secrets/postgres_role_grafana_password` \set role_grafana_username `cat /run/secrets/postgres_role_grafana_username` +DROP ROLE IF EXISTS :role_grafana_username; CREATE ROLE :role_grafana_username LOGIN PASSWORD :'role_grafana_password'; GRANT ALL PRIVILEGES ON DATABASE grafana TO :role_grafana_username; diff --git a/src/deploy/role_postgraphile.sql b/src/deploy/role_postgraphile.sql index 805a9401..6b4223b3 100644 --- a/src/deploy/role_postgraphile.sql +++ b/src/deploy/role_postgraphile.sql @@ -1,6 +1,8 @@ BEGIN; \set role_maevsi_postgraphile_password `cat /run/secrets/postgres_role_maevsi-postgraphile_password` + +DROP ROLE IF EXISTS maevsi_postgraphile; CREATE ROLE maevsi_postgraphile LOGIN PASSWORD :'role_maevsi_postgraphile_password'; COMMIT; diff --git a/src/deploy/role_tusd.sql b/src/deploy/role_tusd.sql index b0bfc580..a3f57012 100644 --- a/src/deploy/role_tusd.sql +++ b/src/deploy/role_tusd.sql @@ -1,6 +1,8 @@ BEGIN; \set role_maevsi_tusd_password `cat /run/secrets/postgres_role_maevsi-tusd_password` + +DROP ROLE IF EXISTS maevsi_tusd; CREATE ROLE maevsi_tusd LOGIN PASSWORD :'role_maevsi_tusd_password'; GRANT maevsi_tusd to maevsi_postgraphile; From fec95050ff78af7e31700df41cfead3993b208be Mon Sep 17 00:00:00 2001 
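Review bot: In role_grafana.sql the new `DROP ROLE IF EXISTS :role_grafana_username;` interpolates the secret file's contents into the statement as raw SQL text. A username containing upper-case letters, a hyphen or whitespace is then case-folded, rejected or parsed as further SQL; psql's identifier form avoids that: `DROP ROLE IF EXISTS :"role_grafana_username";`. The unchanged `CREATE ROLE` and `GRANT` lines in this hunk use the same unquoted form and would need to switch together, since quoting preserves case.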
From: semantic-release-bot Date: Wed, 18 Dec 2024 11:10:31 +0000 Subject: [PATCH 099/105] chore(release): 4.9.1 [skip ci] ## [4.9.1](https://github.com/maevsi/sqitch/compare/4.9.0...4.9.1) (2024-12-18) ### Bug Fixes * **role:** drop before creation ([#106](https://github.com/maevsi/sqitch/issues/106)) ([fecd16e](https://github.com/maevsi/sqitch/commit/fecd16ea860a18f0cfdaa7f0118899acf4133cce)) --- CHANGELOG.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 77717fbb..f667d880 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## [4.9.1](https://github.com/maevsi/sqitch/compare/4.9.0...4.9.1) (2024-12-18) + +### Bug Fixes + +* **role:** drop before creation ([#106](https://github.com/maevsi/sqitch/issues/106)) ([fecd16e](https://github.com/maevsi/sqitch/commit/fecd16ea860a18f0cfdaa7f0118899acf4133cce)) + ## [4.9.0](https://github.com/maevsi/sqitch/compare/4.8.0...4.9.0) (2024-12-12) ### Features diff --git a/package.json b/package.json index bd81b275..d6879ca0 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.9.0", + "version": "4.9.1", "private": true, "engines": { "node": "22" From 7b75524def9ab2575db922567e9d6db87ef3a929 Mon Sep 17 00:00:00 2001 
From: sthelemann
Date: Thu, 19 Dec 2024 18:06:37 +0100
Subject: [PATCH 100/105] feat(event): mark events as favourite (#109)
Table event_favourite added.
---
 src/deploy/table_event_favourite.sql | 14 ++++
 src/deploy/table_event_favourite_policy.sql | 14 ++++
 src/revert/table_event_favourite.sql | 5 ++
 src/revert/table_event_favourite_policy.sql | 5 ++
 src/sqitch.plan | 2 +
 src/verify/table_event_favourite.sql | 7 ++
 src/verify/table_event_favourite_policy.sql | 19 +++++
 test/schema/schema.definition.sql | 77 +++++++++++++++++++++
 8 files changed, 143 insertions(+)
 create mode 100644 src/deploy/table_event_favourite.sql
 create mode 100644 src/deploy/table_event_favourite_policy.sql
 create mode 100644 src/revert/table_event_favourite.sql
 create mode 100644 src/revert/table_event_favourite_policy.sql
 create mode 100644 src/verify/table_event_favourite.sql
 create mode 100644 src/verify/table_event_favourite_policy.sql
diff --git a/src/deploy/table_event_favourite.sql b/src/deploy/table_event_favourite.sql
new file mode 100644
index 00000000..cd8e1c70
--- /dev/null
+++ b/src/deploy/table_event_favourite.sql
@@ -0,0 +1,14 @@
+BEGIN;
+
+CREATE TABLE maevsi.event_favourite (
+ account_id uuid NOT NULL REFERENCES maevsi.account(id) ON DELETE CASCADE,
+ event_id uuid NOT NULL REFERENCES maevsi.event(id) ON DELETE CASCADE,
+
+ PRIMARY KEY (account_id, event_id)
+);
+
+COMMENT ON TABLE maevsi.event_favourite IS 'The user accounts'' favourite events.';
+COMMENT ON COLUMN maevsi.event_favourite.account_id IS 'A user account id.';
+COMMENT ON COLUMN maevsi.event_favourite.event_id IS 'The ID of an event which the user marked as a favourite.';
+
+COMMIT;
diff --git a/src/deploy/table_event_favourite_policy.sql b/src/deploy/table_event_favourite_policy.sql
new file mode 100644
index 00000000..825cbafc
--- /dev/null
+++ b/src/deploy/table_event_favourite_policy.sql
@@ -0,0 +1,14 @@
+BEGIN;
+
+GRANT SELECT, INSERT, DELETE ON TABLE maevsi.event_favourite TO maevsi_account;
+
+ALTER TABLE maevsi.event_favourite ENABLE ROW LEVEL SECURITY;
+
+-- Only allow selects by the current user.
+CREATE POLICY event_favourite_select ON maevsi.event_favourite FOR SELECT USING (
+ maevsi.invoker_account_id() IS NOT NULL
+ AND
+ account_id = maevsi.invoker_account_id()
+);
+
+COMMIT;
diff --git a/src/revert/table_event_favourite.sql b/src/revert/table_event_favourite.sql
new file mode 100644
index 00000000..b6948718
--- /dev/null
+++ b/src/revert/table_event_favourite.sql
@@ -0,0 +1,5 @@
+BEGIN;
+
+DROP TABLE maevsi.event_favourite;
+
+COMMIT;
diff --git a/src/revert/table_event_favourite_policy.sql b/src/revert/table_event_favourite_policy.sql
new file mode 100644
index 00000000..57626801
--- /dev/null
+++ b/src/revert/table_event_favourite_policy.sql
@@ -0,0 +1,5 @@
+BEGIN;
+
+DROP POLICY event_favourite_select ON maevsi.event_favourite;
+
+COMMIT;
diff --git a/src/sqitch.plan b/src/sqitch.plan
index e30d7089..d63d86da 100644
--- a/src/sqitch.plan
+++ b/src/sqitch.plan
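Review bot: deploy/table_event_favourite_policy.sql grants `INSERT` and `DELETE` to `maevsi_account` but defines a policy for `SELECT` only, so with row level security enabled inserts fail and deletes match no rows for that role; a favourite can be neither added nor removed. Each command needs its own policy restricted to the invoker's rows, with `WITH CHECK` on the insert so an account cannot write rows for another `account_id`. The policy names below are suggestions, and the revert script would have to drop them as well.

```sql
-- … unchanged: GRANT, ENABLE ROW LEVEL SECURITY, event_favourite_select policy …

-- Only allow inserts for the current user.
CREATE POLICY event_favourite_insert ON maevsi.event_favourite FOR INSERT WITH CHECK (
  maevsi.invoker_account_id() IS NOT NULL
  AND
  account_id = maevsi.invoker_account_id()
);

-- Only allow deletes by the current user.
CREATE POLICY event_favourite_delete ON maevsi.event_favourite FOR DELETE USING (
  maevsi.invoker_account_id() IS NOT NULL
  AND
  account_id = maevsi.invoker_account_id()
);
```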
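Review bot: revert/table_event_favourite_policy.sql drops only `event_favourite_select`, while the deploy script also grants table privileges and enables row level security. After reverting just this change, `maevsi_account` keeps its privileges on the table, so the revert should mirror the deploy with `REVOKE SELECT, INSERT, DELETE ON TABLE maevsi.event_favourite FROM maevsi_account;`. Row level security can stay enabled, since a table without policies denies access by default.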
@@ -88,3 +88,5 @@ table_event_category_mapping [schema_public table_event table_event_category] 19
 table_event_category_mapping_policy [schema_public table_event_category_mapping role_anonymous role_account table_event]1970-01-01T00:00:00Z marlon # Row level security policies for table table_event_category_mapping.
 table_event_recommendation [schema_public table_account_public table_event] 1970-01-01T00:00:00Z marlon # Events recommended to a user account (M:N relationship).
 table_event_recommendation_policy [schema_public table_event_recommendation role_account] 1970-01-01T00:00:00Z marlon # Row level security policies for table event_recommendation.
+table_event_favourite [schema_public table_account_public table_event] 1970-01-01T00:00:00Z Sven Thelemann # A table for the user accounts' favourite events.
+table_event_favourite_policy [schema_public table_account_public table_event role_account] 1970-01-01T00:00:00Z Sven Thelemann # Policy for table event_favourite.
diff --git a/src/verify/table_event_favourite.sql b/src/verify/table_event_favourite.sql
new file mode 100644
index 00000000..d8a84704
--- /dev/null
+++ b/src/verify/table_event_favourite.sql
@@ -0,0 +1,7 @@
+BEGIN;
+
+SELECT account_id,
+ event_id
+FROM maevsi.event_favourite WHERE FALSE;
+
+ROLLBACK;
diff --git a/src/verify/table_event_favourite_policy.sql b/src/verify/table_event_favourite_policy.sql
new file mode 100644
index 00000000..5bfddb43
--- /dev/null
+++ b/src/verify/table_event_favourite_policy.sql
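Review bot: The `table_event_favourite_policy` entry requires `table_account_public` and `table_event`, yet its deploy script only touches `maevsi.event_favourite` and calls `maevsi.invoker_account_id()`, and neither `table_event_favourite` nor `function_invoker_account_id` is listed. It deploys because of plan order, but sqitch cannot check that the table and the function the policy depends on are in place. Other policy changes in this plan already name `function_invoker_account_id`, so the requires list would read `[schema_public table_event_favourite role_account function_invoker_account_id]`.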
@@ -0,0 +1,19 @@
+BEGIN;
+
+DO $$
+BEGIN
+ ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_favourite', 'SELECT'));
+ ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_favourite', 'INSERT'));
+ ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_favourite', 'DELETE'));
+ ASSERT NOT(SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.event_favourite', 'UPDATE'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_favourite', 'SELECT'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_favourite', 'INSERT'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_favourite', 'UPDATE'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.event_favourite', 'DELETE'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_favourite', 'SELECT'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_favourite', 'INSERT'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_favourite', 'UPDATE'));
+ ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.event_favourite', 'DELETE'));
+END $$;
+
+ROLLBACK;
diff --git a/test/schema/schema.definition.sql b/test/schema/schema.definition.sql
index 55ecc4bc..ce3fb77b 100644
--- a/test/schema/schema.definition.sql
+++ b/test/schema/schema.definition.sql
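Review bot: The assertions in verify/table_event_favourite_policy.sql cover table privileges only, so the script still passes if row level security is switched off or `event_favourite_select` is missing, which is the part of the change that confines an account to its own rows. Adding `ASSERT (SELECT relrowsecurity FROM pg_catalog.pg_class WHERE oid = 'maevsi.event_favourite'::regclass);` and a lookup of the policy name in `pg_catalog.pg_policies` would close that gap. The fourth assertion is also written `ASSERT NOT(SELECT`, without the space used on the other lines.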
@@ -2063,6 +2063,39 @@ COMMENT ON COLUMN maevsi.event_category_mapping.event_id IS 'An event id.'; COMMENT ON COLUMN maevsi.event_category_mapping.category IS 'A category name.'; +-- +-- Name: event_favourite; Type: TABLE; Schema: maevsi; Owner: postgres +-- + +CREATE TABLE maevsi.event_favourite ( + account_id uuid NOT NULL, + event_id uuid NOT NULL +); + + +ALTER TABLE maevsi.event_favourite OWNER TO postgres; + +-- +-- Name: TABLE event_favourite; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON TABLE maevsi.event_favourite IS 'The user accounts'' favourite events.'; + + +-- +-- Name: COLUMN event_favourite.account_id; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event_favourite.account_id IS 'A user account id.'; + + +-- +-- Name: COLUMN event_favourite.event_id; Type: COMMENT; Schema: maevsi; Owner: postgres +-- + +COMMENT ON COLUMN maevsi.event_favourite.event_id IS 'The ID of an event which the user marked as a favourite.'; + + -- -- Name: event_group; Type: TABLE; Schema: maevsi; Owner: postgres -- @@ -3494,6 +3527,14 @@ ALTER TABLE ONLY maevsi.event_category ADD CONSTRAINT event_category_pkey PRIMARY KEY (category); +-- +-- Name: event_favourite event_favourite_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_favourite + ADD CONSTRAINT event_favourite_pkey PRIMARY KEY (account_id, event_id); + + -- -- Name: event_group event_group_author_account_id_slug_key; Type: CONSTRAINT; Schema: maevsi; Owner: postgres -- 
@@ -3995,6 +4036,22 @@ ALTER TABLE ONLY maevsi.event_category_mapping ADD CONSTRAINT event_category_mapping_event_id_fkey FOREIGN KEY (event_id) REFERENCES maevsi.event(id) ON DELETE CASCADE; +-- +-- Name: event_favourite event_favourite_account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_favourite + ADD CONSTRAINT event_favourite_account_id_fkey FOREIGN KEY (account_id) REFERENCES maevsi.account(id) ON DELETE CASCADE; + + +-- +-- Name: event_favourite event_favourite_event_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE ONLY maevsi.event_favourite + ADD CONSTRAINT event_favourite_event_id_fkey FOREIGN KEY (event_id) REFERENCES maevsi.event(id) ON DELETE CASCADE; + + -- -- Name: event_group event_group_author_account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres -- @@ -4375,6 +4432,19 @@ CREATE POLICY event_category_mapping_select ON maevsi.event_category_mapping FOR WHERE (event.id = event_category_mapping.event_id)) = maevsi.invoker_account_id())) OR (event_id IN ( SELECT maevsi_private.events_invited() AS events_invited)))); +-- +-- Name: event_favourite; Type: ROW SECURITY; Schema: maevsi; Owner: postgres +-- + +ALTER TABLE maevsi.event_favourite ENABLE ROW LEVEL SECURITY; + +-- +-- Name: event_favourite event_favourite_select; Type: POLICY; Schema: maevsi; Owner: postgres +-- + +CREATE POLICY event_favourite_select ON maevsi.event_favourite FOR SELECT USING (((maevsi.invoker_account_id() IS NOT NULL) AND (account_id = maevsi.invoker_account_id()))); + + -- -- Name: event_group; Type: ROW SECURITY; Schema: maevsi; Owner: postgres -- 
@@ -5218,6 +5288,13 @@ GRANT SELECT ON TABLE maevsi.event_category_mapping TO maevsi_anonymous; GRANT SELECT,INSERT,DELETE ON TABLE maevsi.event_category_mapping TO maevsi_account; +-- +-- Name: TABLE event_favourite; Type: ACL; Schema: maevsi; Owner: postgres +-- + +GRANT SELECT,INSERT,DELETE ON TABLE maevsi.event_favourite TO maevsi_account; + + -- -- Name: TABLE event_group; Type: ACL; Schema: maevsi; Owner: postgres -- From 5bb7155d6dd2fee4808692991b02f4de6f0f314f Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 19 Dec 2024 17:08:50 +0000 Subject: [PATCH 101/105] chore(release): 4.10.0 [skip ci] ## [4.10.0](https://github.com/maevsi/sqitch/compare/4.9.1...4.10.0) (2024-12-19) ### Features * **event:** mark events as favourite ([#109](https://github.com/maevsi/sqitch/issues/109)) ([7b75524](https://github.com/maevsi/sqitch/commit/7b75524def9ab2575db922567e9d6db87ef3a929)) --- CHANGELOG.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f667d880..757f0929 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## [4.10.0](https://github.com/maevsi/sqitch/compare/4.9.1...4.10.0) (2024-12-19) + +### Features + +* **event:** mark events as favourite ([#109](https://github.com/maevsi/sqitch/issues/109)) ([7b75524](https://github.com/maevsi/sqitch/commit/7b75524def9ab2575db922567e9d6db87ef3a929)) + ## [4.9.1](https://github.com/maevsi/sqitch/compare/4.9.0...4.9.1) (2024-12-18) ### Bug Fixes diff --git a/package.json b/package.json index d6879ca0..ff11205a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.9.1", + "version": "4.10.0", "private": true, "engines": { "node": "22" From 298c1f6c05c5c57d1d903fad31734c5702e38014 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 20 Dec 2024 02:18:12 +0000 Subject: [PATCH 102/105] chore(deps): update pnpm to v9.15.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index ff11205a..69eab5e7 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "engines": { "node": "22" }, - "packageManager": "pnpm@9.15.0", + "packageManager": "pnpm@9.15.1", "scripts": { "prepare": "husky" }, From 486296a93eb8e3ac8261d57c82853d0c4e0b2e31 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 01:09:13 +0000 Subject: [PATCH 103/105] chore(deps): lock file maintenance --- pnpm-lock.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index d5b16921..bd148290 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -131,8 +131,8 @@ packages: resolution: {integrity: sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==} engines: {node: '>=6'} - chalk@5.3.0: - resolution: {integrity: sha512-dLitG79d+GV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos+uw7WmWF4wUwBd9jxjocFC2w==} + chalk@5.4.1: + resolution: {integrity: sha512-zgVZuo2WcZgfUEmsn6eO3kINexW8RAE4maiQ8QNs8CtpPCSyMiYsULR3HQYkm3w8FIA3SberyMJMSldGsW+U3w==} engines: {node: ^12.17.0 || ^14.13 || >=16.0.0} cliui@8.0.1: @@ -259,8 +259,8 @@ packages: resolution: {integrity: sha512-+oDTluR6WEjdXEJMnC2z6A4FRwFoYuvShVVEGsS7ewc0UTi2QtAKMDJuL4BDEVt+5T7MjFo12RP8ghOM75oKJw==} engines: {node: '>=8'} - jiti@2.4.1: - resolution: {integrity: sha512-yPBThwecp1wS9DmoA4x4KR2h3QoslacnDR8ypuFM962kI4/456Iy1oHx2RAgh4jfZNdn0bctsdadceiBUgpU1g==} + jiti@2.4.2: + resolution: {integrity: sha512-rg9zJN+G4n2nfJl5MW3BMygZX56zKPNVEYYqq7adpmMh4Jn2QNEwhvQlFy6jPVdcod7txZtKHWnyZiA3a0zP7A==} hasBin: true js-tokens@4.0.0: 
@@ -466,7 +466,7 @@ snapshots: '@commitlint/format@19.5.0': dependencies: '@commitlint/types': 19.5.0 - chalk: 5.3.0 + chalk: 5.4.1 '@commitlint/is-ignored@19.6.0': dependencies: @@ -486,7 +486,7 @@ snapshots: '@commitlint/execute-rule': 19.5.0 '@commitlint/resolve-extends': 19.5.0 '@commitlint/types': 19.5.0 - chalk: 5.3.0 + chalk: 5.4.1 cosmiconfig: 9.0.0(typescript@5.7.2) cosmiconfig-typescript-loader: 6.1.0(@types/node@22.10.2)(cosmiconfig@9.0.0(typescript@5.7.2))(typescript@5.7.2) lodash.isplainobject: 4.0.6 @@ -537,7 +537,7 @@ snapshots: '@commitlint/types@19.5.0': dependencies: '@types/conventional-commits-parser': 5.0.1 - chalk: 5.3.0 + chalk: 5.4.1 '@types/conventional-commits-parser@5.0.1': dependencies: @@ -571,7 +571,7 @@ snapshots: callsites@3.1.0: {} - chalk@5.3.0: {} + chalk@5.4.1: {} cliui@8.0.1: dependencies: @@ -613,7 +613,7 @@ snapshots: dependencies: '@types/node': 22.10.2 cosmiconfig: 9.0.0(typescript@5.7.2) - jiti: 2.4.1 + jiti: 2.4.2 typescript: 5.7.2 cosmiconfig@9.0.0(typescript@5.7.2): @@ -684,7 +684,7 @@ snapshots: dependencies: text-extensions: 2.4.0 - jiti@2.4.1: {} + jiti@2.4.2: {} js-tokens@4.0.0: {} From 7dbc9bbe6c23449418012ed2eb439df4400749bf Mon Sep 17 00:00:00 2001 From: dargmuesli Date: Sat, 28 Dec 2024 00:45:30 +0000 Subject: [PATCH 104/105] fix: schedule release From 5745c1b5e88cb52a40418a9a08eb8d848a924803 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sat, 28 Dec 2024 00:47:31 +0000 Subject: [PATCH 105/105] chore(release): 4.10.1 [skip ci] ## [4.10.1](https://github.com/maevsi/sqitch/compare/4.10.0...4.10.1) (2024-12-28) ### Bug Fixes * schedule release ([7dbc9bb](https://github.com/maevsi/sqitch/commit/7dbc9bbe6c23449418012ed2eb439df4400749bf)) --- CHANGELOG.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 757f0929..71553f7a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,9 @@ +## [4.10.1](https://github.com/maevsi/sqitch/compare/4.10.0...4.10.1) (2024-12-28) + +### Bug Fixes + +* schedule release ([7dbc9bb](https://github.com/maevsi/sqitch/commit/7dbc9bbe6c23449418012ed2eb439df4400749bf)) + ## [4.10.0](https://github.com/maevsi/sqitch/compare/4.9.1...4.10.0) (2024-12-19) ### Features diff --git a/package.json b/package.json index 69eab5e7..d3ac50bd 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@maevsi/sqitch", - "version": "4.10.0", + "version": "4.10.1", "private": true, "engines": { "node": "22"