feat(account): add possibility to block

schema/schema.definition.sql

@@ -1594,6 +1594,57 @@ COMMENT ON COLUMN maevsi.account.id IS 'The account''s internal id.';
 COMMENT ON COLUMN maevsi.account.username IS 'The account''s username.';
 
 
+--
+-- Name: account_block; Type: TABLE; Schema: maevsi; Owner: postgres
+--
+
+CREATE TABLE maevsi.account_block (
+    id uuid DEFAULT gen_random_uuid() NOT NULL,
+    author_account_id uuid NOT NULL,
+    blocked_account_id uuid NOT NULL,
+    created timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL,
+    CONSTRAINT account_block_check CHECK ((author_account_id <> blocked_account_id))
+);
+
+
+ALTER TABLE maevsi.account_block OWNER TO postgres;
+
+--
+-- Name: TABLE account_block; Type: COMMENT; Schema: maevsi; Owner: postgres
+--
+
+COMMENT ON TABLE maevsi.account_block IS 'Blocking of an account by another account.';
+
+
+--
+-- Name: COLUMN account_block.id; Type: COMMENT; Schema: maevsi; Owner: postgres
+--
+
+COMMENT ON COLUMN maevsi.account_block.id IS '@omit create,update
+The blocking''s internal id.';
+
+
+--
+-- Name: COLUMN account_block.author_account_id; Type: COMMENT; Schema: maevsi; Owner: postgres
+--
+
+COMMENT ON COLUMN maevsi.account_block.author_account_id IS 'The id of the user who created the blocking.';
+
+
+--
+-- Name: COLUMN account_block.blocked_account_id; Type: COMMENT; Schema: maevsi; Owner: postgres
+--
+
+COMMENT ON COLUMN maevsi.account_block.blocked_account_id IS 'The id of the account to be blocked.';
+
+
+--
+-- Name: COLUMN account_block.created; Type: COMMENT; Schema: maevsi; Owner: postgres
+--
+
+COMMENT ON COLUMN maevsi.account_block.created IS 'The timestamp when the blocking was created.';
+
+
 --
 -- Name: achievement; Type: TABLE; Schema: maevsi; Owner: postgres
 --
@@ -2688,6 +2739,22 @@ COMMENT ON COLUMN sqitch.tags.planner_name IS 'Name of the user who planed the t
 COMMENT ON COLUMN sqitch.tags.planner_email IS 'Email address of the user who planned the tag.';
 
 
+--
+-- Name: account_block account_block_author_account_id_blocked_account_id_key; Type: CONSTRAINT; Schema: maevsi; Owner: postgres
+--
+
+ALTER TABLE ONLY maevsi.account_block
+    ADD CONSTRAINT account_block_author_account_id_blocked_account_id_key UNIQUE (author_account_id, blocked_account_id);
+
+
+--
+-- Name: account_block account_block_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres
+--
+
+ALTER TABLE ONLY maevsi.account_block
+    ADD CONSTRAINT account_block_pkey PRIMARY KEY (id);
+
+
 --
 -- Name: account account_pkey; Type: CONSTRAINT; Schema: maevsi; Owner: postgres
 --
@@ -3079,6 +3146,22 @@ CREATE TRIGGER maevsi_private_account_password_reset_verification_valid_until BE
 CREATE TRIGGER maevsi_private_notification BEFORE INSERT ON maevsi_private.notification FOR EACH ROW EXECUTE FUNCTION maevsi_private.notify();
 
 
+--
+-- Name: account_block account_block_author_account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres
+--
+
+ALTER TABLE ONLY maevsi.account_block
+    ADD CONSTRAINT account_block_author_account_id_fkey FOREIGN KEY (author_account_id) REFERENCES maevsi.account(id);
+
+
+--
+-- Name: account_block account_block_blocked_account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres
+--
+
+ALTER TABLE ONLY maevsi.account_block
+    ADD CONSTRAINT account_block_blocked_account_id_fkey FOREIGN KEY (blocked_account_id) REFERENCES maevsi.account(id);
+
+
 --
 -- Name: account account_id_fkey; Type: FK CONSTRAINT; Schema: maevsi; Owner: postgres
 --
@@ -3237,6 +3320,26 @@ ALTER TABLE ONLY sqitch.tags
 
 ALTER TABLE maevsi.account ENABLE ROW LEVEL SECURITY;
 
+--
+-- Name: account_block; Type: ROW SECURITY; Schema: maevsi; Owner: postgres
+--
+
+ALTER TABLE maevsi.account_block ENABLE ROW LEVEL SECURITY;
+
+--
+-- Name: account_block account_block_insert; Type: POLICY; Schema: maevsi; Owner: postgres
+--
+
+CREATE POLICY account_block_insert ON maevsi.account_block FOR INSERT WITH CHECK ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)));
+
+
+--
+-- Name: account_block account_block_select; Type: POLICY; Schema: maevsi; Owner: postgres
+--
+
+CREATE POLICY account_block_select ON maevsi.account_block FOR SELECT USING ((((NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid IS NOT NULL) AND (author_account_id = (NULLIF(current_setting('jwt.claims.account_id'::text, true), ''::text))::uuid)));
+
+
 --
 -- Name: account account_select; Type: POLICY; Schema: maevsi; Owner: postgres
 --
@@ -3978,6 +4081,13 @@ GRANT SELECT ON TABLE maevsi.account TO maevsi_account;
 GRANT SELECT ON TABLE maevsi.account TO maevsi_anonymous;
 
 
+--
+-- Name: TABLE account_block; Type: ACL; Schema: maevsi; Owner: postgres
+--
+
+GRANT SELECT,INSERT ON TABLE maevsi.account_block TO maevsi_account;
+
+
 --
 -- Name: TABLE achievement; Type: ACL; Schema: maevsi; Owner: postgres
 --

src/deploy/table_account_block.sql

@@ -0,0 +1,22 @@
+-- Deploy maevsi:table_account_block to pg
+-- requires: schema_public
+-- requires: table_account_public
+
+BEGIN;
+
+CREATE TABLE maevsi.account_block (
+  id                  UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  author_account_id   UUID NOT NULL REFERENCES maevsi.account(id),
+  blocked_account_id  UUID NOT NULL REFERENCES maevsi.account(id),
+  created             TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  UNIQUE (author_account_id, blocked_account_id),
+  CHECK (author_account_id != blocked_account_id)
+);
+
+COMMENT ON TABLE maevsi.account_block IS 'Blocking of an account by another account.';
+COMMENT ON COLUMN maevsi.account_block.id IS E'@omit create,update\nThe blocking''s internal id.';
+COMMENT ON COLUMN maevsi.account_block.author_account_id IS 'The id of the user who created the blocking.';
+COMMENT ON COLUMN maevsi.account_block.blocked_account_id IS 'The id of the account to be blocked.';
+COMMENT ON COLUMN maevsi.account_block.created IS 'The timestamp when the blocking was created.';
+
+COMMIT;

src/deploy/table_account_block_policy.sql

@@ -0,0 +1,26 @@
+-- Deploy maevsi:table_account_block_policy to pg
+-- requires: schema_public
+-- requires: table_account_block
+-- requires: role_account
+
+BEGIN;
+
+GRANT INSERT, SELECT ON TABLE maevsi.account_block TO maevsi_account;
+
+ALTER TABLE maevsi.account_block ENABLE ROW LEVEL SECURITY;
+
+-- Only allow inserts for blocked accounts authored by the current user.
+CREATE POLICY account_block_insert ON maevsi.account_block FOR INSERT WITH CHECK (
+  NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL
+  AND
+  author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID
+);
+
+-- Only allow selects for blocked accounts authored by the current user.
+CREATE POLICY account_block_select ON maevsi.account_block FOR SELECT USING (
+  NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID IS NOT NULL
+  AND
+  author_account_id = NULLIF(current_setting('jwt.claims.account_id', true), '')::UUID
+);
+
+COMMIT;

src/revert/table_account_block.sql

@@ -0,0 +1,7 @@
+-- Revert maevsi:table_account_block from pg
+
+BEGIN;
+
+DROP TABLE maevsi.account_block;
+
+COMMIT;

src/revert/table_account_block_policy.sql

@@ -0,0 +1,8 @@
+-- Revert maevsi:table_account_block_policy from pg
+
+BEGIN;
+
+DROP POLICY.account_block_insert ON maevsi.account_block;
+DROP POLICY.account_block_select ON maevsi.account_block;
+
+COMMIT;

src/sqitch.plan

@@ -66,3 +66,5 @@ enum_achievement_type [schema_public] 1970-01-01T00:00:00Z Jonas Thelemann <e-ma
 table_achievement_code [schema_private schema_public enum_achievement_type] 1970-01-01T00:00:00Z Jonas Thelemann <e-mail+maevsi/[email protected]> # Codes that unlock achievements.
 table_achievement [schema_public table_account_public enum_achievement_type role_account role_anonymous] 1970-01-01T00:00:00Z Jonas Thelemann <e-mail+maevsi/[email protected]> # Achievement unlocks by user.
 function_achievement_unlock [privilege_execute_revoke schema_public enum_achievement_type schema_private table_achievement_code table_achievement role_account] 1970-01-01T00:00:00Z Jonas Thelemann <e-mail+maevsi/[email protected]> # Unlock achievements.
+table_account_block [schema_public table_account_public] 1970-01-01T00:00:00Z Sven Thelemann <[email protected]> # Blocking of an account by another account.
+table_account_block_policy [schema_public table_account_block role_account] 1970-01-01T00:00:00Z Sven Thelemann <[email protected]> # Policy for table account block.

src/verify/table_account_block.sql

@@ -0,0 +1,12 @@
+
+-- Verify maevsi:table_account_block on pg
+
+BEGIN;
+
+SELECT id,
+       author_account_id,
+       blocked_account_id,
+       created
+FROM maevsi.account_block WHERE FALSE;
+
+ROLLBACK;

src/verify/table_account_block_policy.sql

@@ -0,0 +1,25 @@
+-- Verify maevsi:table_account_block_policy on pg
+
+BEGIN;
+
+DO $$
+BEGIN
+  ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_block', 'INSERT'));
+  ASSERT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_block', 'SELECT'));
+  ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_block', 'UPDATE'));
+  ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_account', 'maevsi.account_block', 'DELETE'));
+  ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_block', 'SELECT'));
+  ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_block', 'INSERT'));
+  ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_block', 'UPDATE'));
+  ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_anonymous', 'maevsi.account_block', 'DELETE'));
+  ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_stomper', 'maevsi.account_block', 'SELECT'));
+  ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_stomper', 'maevsi.account_block', 'INSERT'));
+  ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_stomper', 'maevsi.account_block', 'UPDATE'));
+  ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_stomper', 'maevsi.account_block', 'DELETE'));
+  ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_block', 'SELECT'));
+  ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_block', 'INSERT'));
+  ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_block', 'UPDATE'));
+  ASSERT NOT (SELECT pg_catalog.has_table_privilege('maevsi_tusd', 'maevsi.account_block', 'DELETE'));
+END $$;
+
+ROLLBACK;