db/schema/0400_perm.sql

create type public.perm_mode as enum ('-', 'r', 'w');

create table public.perm
  ( id               int              not null primary key generated always as identity
  , uid              human_uuid.huid  not null unique default human_uuid.huid()
  , owner_user       int              not null references public.usr(id)
  , owner_group      int              not null references public.grp(id)
  , owner_user_mode  public.perm_mode not null
  , owner_group_mode public.perm_mode not null
  , everyone_mode    public.perm_mode not null
  , path             text             not null unique
  );

create function do_insert_usr_perm() returns trigger language plpgsql as $$
declare
  admins int;
begin
  admins := (public.grp_admins()).id;

  insert into public.perm
    (path, owner_user, owner_group, owner_user_mode, owner_group_mode, everyone_mode)
  values
    ('/users/' || human_uuid.huid_to_string(NEW.uid) || '/tag', NEW.id, admins, 'w', 'w', 'r')
  , ('/users/' || human_uuid.huid_to_string(NEW.uid) || '/email', NEW.id, admins, 'w', 'w', '-')
  , ('/users/' || human_uuid.huid_to_string(NEW.uid) || '/deleted', NEW.id, admins, 'w', 'w', '-')
  , ('/users/' || human_uuid.huid_to_string(NEW.uid) || '/password', NEW.id, admins, 'w', 'w', '-')
  ;

  return new;
end;
$$;

create trigger insert_usr_perm
after insert on public.usr
for each row execute function do_insert_usr_perm();

create function do_insert_grp_perm() returns trigger language plpgsql as $$
begin
  insert into public.perm
    (path, owner_user, owner_group, owner_user_mode, owner_group_mode, everyone_mode)
  values
    ('/groups/' || human_uuid.huid_to_string(NEW.uid) || '/members', (public.get_acting_usr()).id, NEW.id, 'w', 'w', '-')
  , ('/groups/' || human_uuid.huid_to_string(NEW.uid) || '/name', (public.get_acting_usr()).id, NEW.id, 'w', 'w', 'r')
  ;

  return new;
end;
$$;

create trigger insert_grp_perm
after insert on public.grp
for each row
execute function do_insert_grp_perm();

create function do_insert_community_perm() returns trigger language plpgsql as $$
begin
  -- TODO: insert some default community groups, use community_XX_admin as group owner

  insert into public.perm
    (path, owner_user, owner_group, owner_user_mode, owner_group_mode, everyone_mode)
  values
    ('/communities/' || human_uuid.huid_to_string(NEW.uid) || '/posts', (public.get_acting_usr()).id, NEW.id, 'w', 'w', 'r')
  , ('/communities/' || human_uuid.huid_to_string(NEW.uid) || '/tag', (public.get_acting_usr()).id, NEW.id, 'w', 'w', 'r')
  , ('/communities/' || human_uuid.huid_to_string(NEW.uid) || '/deleted', (public.get_acting_usr()).id, NEW.id, 'w', 'w', '-')
  ;

  return new;
end;
$$;

create trigger insert_community_perm
after insert on public.community
for each row
execute function do_insert_community_perm();

select audit( 'public'
            , 'perm'
            , array[ row('owner_user', 'int')
                   , row('owner_group', 'int')
                   , row('owner_user_mode', 'public.perm_mode')
                   , row('owner_group_mode', 'public.perm_mode')
                   , row('everyone_mode', 'public.perm_mode')
                   ] :: audited_column[]
            , soft_delete => false
            );

select immutable( 'public'
                , 'perm'
                , array[ 'id'
                       , 'uid'
                       , 'path'
                       ]
                );
feat: permissions 2023-07-14 22:13:34 +00:00			`create type public.perm_mode as enum ('-', 'r', 'w');`

			`create table public.perm`
			`( id int not null primary key generated always as identity`
feat: human uid 2023-07-16 02:03:16 +00:00			`, uid human_uuid.huid not null unique default human_uuid.huid()`
feat: permissions 2023-07-14 22:13:34 +00:00			`, owner_user int not null references public.usr(id)`
			`, owner_group int not null references public.grp(id)`
			`, owner_user_mode public.perm_mode not null`
			`, owner_group_mode public.perm_mode not null`
			`, everyone_mode public.perm_mode not null`
			`, path text not null unique`
			`);`

			`create function do_insert_usr_perm() returns trigger language plpgsql as $$`
			`declare`
			`admins int;`
			`begin`
feat: human uid 2023-07-16 02:03:16 +00:00			`admins := (public.grp_admins()).id;`
feat: permissions 2023-07-14 22:13:34 +00:00
			`insert into public.perm`
			`(path, owner_user, owner_group, owner_user_mode, owner_group_mode, everyone_mode)`
			`values`
feat: human uid 2023-07-16 02:03:16 +00:00			`('/users/' \|\| human_uuid.huid_to_string(NEW.uid) \|\| '/tag', NEW.id, admins, 'w', 'w', 'r')`
			`, ('/users/' \|\| human_uuid.huid_to_string(NEW.uid) \|\| '/email', NEW.id, admins, 'w', 'w', '-')`
			`, ('/users/' \|\| human_uuid.huid_to_string(NEW.uid) \|\| '/deleted', NEW.id, admins, 'w', 'w', '-')`
			`, ('/users/' \|\| human_uuid.huid_to_string(NEW.uid) \|\| '/password', NEW.id, admins, 'w', 'w', '-')`
feat: permissions 2023-07-14 22:13:34 +00:00			`;`

			`return new;`
			`end;`
			`$$;`

			`create trigger insert_usr_perm`
			`after insert on public.usr`
			`for each row execute function do_insert_usr_perm();`

			`create function do_insert_grp_perm() returns trigger language plpgsql as $$`
			`begin`
			`insert into public.perm`
			`(path, owner_user, owner_group, owner_user_mode, owner_group_mode, everyone_mode)`
			`values`
feat: human uid 2023-07-16 02:03:16 +00:00			`('/groups/' \|\| human_uuid.huid_to_string(NEW.uid) \|\| '/members', (public.get_acting_usr()).id, NEW.id, 'w', 'w', '-')`
fix: bugs 2023-07-21 05:10:02 +00:00			`, ('/groups/' \|\| human_uuid.huid_to_string(NEW.uid) \|\| '/name', (public.get_acting_usr()).id, NEW.id, 'w', 'w', 'r')`
feat: permissions 2023-07-14 22:13:34 +00:00			`;`

			`return new;`
			`end;`
			`$$;`

			`create trigger insert_grp_perm`
			`after insert on public.grp`
			`for each row`
			`execute function do_insert_grp_perm();`

			`create function do_insert_community_perm() returns trigger language plpgsql as $$`
			`begin`
			`-- TODO: insert some default community groups, use community_XX_admin as group owner`

			`insert into public.perm`
			`(path, owner_user, owner_group, owner_user_mode, owner_group_mode, everyone_mode)`
			`values`
feat: human uid 2023-07-16 02:03:16 +00:00			`('/communities/' \|\| human_uuid.huid_to_string(NEW.uid) \|\| '/posts', (public.get_acting_usr()).id, NEW.id, 'w', 'w', 'r')`
			`, ('/communities/' \|\| human_uuid.huid_to_string(NEW.uid) \|\| '/tag', (public.get_acting_usr()).id, NEW.id, 'w', 'w', 'r')`
			`, ('/communities/' \|\| human_uuid.huid_to_string(NEW.uid) \|\| '/deleted', (public.get_acting_usr()).id, NEW.id, 'w', 'w', '-')`
feat: permissions 2023-07-14 22:13:34 +00:00			`;`

			`return new;`
			`end;`
			`$$;`

			`create trigger insert_community_perm`
			`after insert on public.community`
			`for each row`
			`execute function do_insert_community_perm();`

			`select audit( 'public'`
			`, 'perm'`
			`, array[ row('owner_user', 'int')`
			`, row('owner_group', 'int')`
			`, row('owner_user_mode', 'public.perm_mode')`
			`, row('owner_group_mode', 'public.perm_mode')`
			`, row('everyone_mode', 'public.perm_mode')`
			`] :: audited_column[]`
			`, soft_delete => false`
			`);`

			`select immutable( 'public'`
			`, 'perm'`
			`, array[ 'id'`
			`, 'uid'`
			`, 'path'`
			`]`
			`);`