feat: public.usr_root, public.grp_admins
This commit is contained in:
parent
1bf3d29863
commit
c83a4cece6
@ -1,5 +1,5 @@
|
||||
name: 'migrate-devel'
|
||||
on: {push: {branches: ['main']}}
|
||||
on: {push: {tags: ['devel@*']}}
|
||||
|
||||
jobs:
|
||||
migrate-devel:
|
||||
|
@ -1,5 +1,5 @@
|
||||
name: 'migrate-stage'
|
||||
on: {push: {branches: ['main']}}
|
||||
on: {push: {tags: ['stage@*']}}
|
||||
|
||||
jobs:
|
||||
migrate-stage:
|
||||
@ -9,7 +9,7 @@ jobs:
|
||||
steps:
|
||||
- uses: 'actions/checkout@v3'
|
||||
with: { fetch-depth: 0 }
|
||||
- run: './scripts/migrate.sh --greenlight'
|
||||
- run: './scripts/migrate.sh ${{ gitea.ref_name }} --greenlight'
|
||||
env:
|
||||
DOCKER_HOST: 'unix:///run/user/1001/docker.sock'
|
||||
POSTGRES_URI: '${{ secrets.POSTGRES_STAGE_URI }}'
|
||||
|
@ -57,6 +57,12 @@ create trigger insert_usr_default_discrim
|
||||
before insert on public.usr
|
||||
for each row execute function public.do_insert_usr_default_discrim();
|
||||
|
||||
create function public.usr_root()
|
||||
returns public.usr
|
||||
stable
|
||||
language sql
|
||||
as $$select * from public.usr where tag = public.usr_tag_of_string('root')$$;
|
||||
|
||||
insert into public.usr
|
||||
(tag, password, email)
|
||||
values
|
||||
|
@ -18,10 +18,7 @@ declare
|
||||
acting_usr public.usr;
|
||||
begin
|
||||
if nullif(current_setting('dnim.usr_uid', true), '') is null then
|
||||
select u.*
|
||||
from public.usr u
|
||||
where u.tag = public.usr_tag_of_string('root')
|
||||
into acting_usr;
|
||||
acting_usr := public.usr_root();
|
||||
else
|
||||
select u.*
|
||||
from public.usr u
|
||||
|
@ -10,6 +10,12 @@ create table public.grp
|
||||
insert into public.grp (tag)
|
||||
values (grp_tag_of_string('admins'));
|
||||
|
||||
create function public.grp_admins()
|
||||
returns public.grp
|
||||
stable
|
||||
language sql
|
||||
as $$select * from public.grp where tag = public.grp_tag_of_string('admins')$$;
|
||||
|
||||
create function public.do_grp_add_admins()
|
||||
returns trigger
|
||||
volatile
|
||||
|
@ -44,19 +44,8 @@ $$;
|
||||
create function public.grp_members_admins()
|
||||
returns setof public.usr
|
||||
stable
|
||||
language plpgsql
|
||||
as $$
|
||||
declare
|
||||
gid int;
|
||||
begin
|
||||
select g.id
|
||||
from public.grp g
|
||||
where g.tag = public.grp_tag_of_string('admins')
|
||||
into gid;
|
||||
|
||||
return query select * from public.grp_members(gid);
|
||||
end;
|
||||
$$;
|
||||
language sql
|
||||
as $$select * from public.grp_members((public.grp_admins()).id)$$;
|
||||
|
||||
create function public.grp_rm_member(from_grp int, rm_usr int)
|
||||
returns void
|
||||
|
@ -12,6 +12,12 @@ begin
|
||||
|
||||
perform public.grp_add_member(to_grp => new_grp, add_usr => new.id);
|
||||
|
||||
update public.perm
|
||||
set owner_user = public.usr_root()
|
||||
, owner_group = public.grp_admins()
|
||||
where path = '/groups/' || new_grp || '/members'
|
||||
or path = '/groups/' || new_grp || '/tag';
|
||||
|
||||
return null;
|
||||
end;
|
||||
$$;
|
||||
|
@ -16,8 +16,8 @@ declare
|
||||
root int;
|
||||
admins int;
|
||||
begin
|
||||
select * from public.usr where tag = usr_tag_of_string('root') into root;
|
||||
select * from public.grp where tag = grp_tag_of_string('admins') into admins;
|
||||
root := (public.usr_root()).id;
|
||||
admins := (public.grp_admins()).id;
|
||||
|
||||
insert into public.perm
|
||||
(path, owner_user, owner_group, owner_user_mode, owner_group_mode, everyone_mode)
|
||||
@ -33,7 +33,7 @@ create function do_insert_usr_perm() returns trigger language plpgsql as $$
|
||||
declare
|
||||
admins int;
|
||||
begin
|
||||
select * from public.grp where tag = grp_tag_of_string('admins') into admins;
|
||||
admins := public.grp_admins();
|
||||
|
||||
insert into public.perm
|
||||
(path, owner_user, owner_group, owner_user_mode, owner_group_mode, everyone_mode)
|
||||
@ -41,6 +41,7 @@ begin
|
||||
('/users/' || NEW.id || '/tag', NEW.id, admins, 'w', 'w', 'r')
|
||||
, ('/users/' || NEW.id || '/email', NEW.id, admins, 'w', 'w', '-')
|
||||
, ('/users/' || NEW.id || '/deleted', NEW.id, admins, 'w', 'w', '-')
|
||||
, ('/users/' || NEW.id || '/password', NEW.id, admins, 'w', 'w', '-')
|
||||
;
|
||||
|
||||
return new;
|
||||
|
@ -28,8 +28,10 @@ if [[ ! -f "$migration" ]]; then
|
||||
|
||||
echo "migrate from $rev => HEAD" 1>&2
|
||||
|
||||
migra --unsafe $base_url $head_url > "$migration" \
|
||||
echo "BEGIN" > "$migration"
|
||||
migra --unsafe $base_url $head_url >> "$migration" \
|
||||
|| echo "migra exited with code $?. this is /probably/ fine" 1>&2
|
||||
echo "COMMIT;" > "$migration"
|
||||
fi
|
||||
|
||||
echo "$migration"
|
||||
|
@ -9,7 +9,7 @@ if [[ -n $(git status --porcelain) ]]; then
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
head=$(git show --format=format:%h -q)
|
||||
to_tag="$1"
|
||||
|
||||
get_dnim_database_count="copy (select count(*) from pg_database where datname = 'dnim') to stdout with null as '';"
|
||||
dnim_database_count=$(psql "$POSTGRES_URI/postgres" -c "$get_dnim_database_count")
|
||||
@ -25,7 +25,7 @@ else
|
||||
last_revision=$(psql "$POSTGRES_URI/dnim" -c "$get_last_revision")
|
||||
migration_file=$(./scripts/diff.sh "$last_revision")
|
||||
|
||||
if [[ "$1" = "--greenlight" ]]; then
|
||||
if [[ "$2" = "--greenlight" ]]; then
|
||||
psql "$POSTGRES_URI/dnim" -f "$migration_file"
|
||||
else
|
||||
echo "migration available at $migration_file"
|
||||
@ -34,6 +34,6 @@ else
|
||||
fi
|
||||
fi
|
||||
|
||||
insert_migration="insert into migration (from_revision, to_revision, script) values ('$last_revision', '$head', \$migration\$$script\$migration\$);"
|
||||
insert_migration="insert into migration (from_revision, to_revision, script) values ('$last_revision', '$to_tag', \$migration\$$script\$migration\$);"
|
||||
psql "$POSTGRES_URI/dnim" -c "$insert_migration"
|
||||
echo "inserted migration"
|
||||
|
Loading…
Reference in New Issue
Block a user