feat: public.usr_root, public.grp_admins

Orion Kindel 2023-07-15 18:22:40 -04:00
parent 1bf3d29863
commit c83a4cece6
Signed by untrusted user who does not match committer: orion
GPG Key ID: 6D4165AE4C928719
10 changed files with 34 additions and 27 deletions


@ -1,5 +1,5 @@
name: 'migrate-devel'
on: {push: {branches: ['main']}}
on: {push: {tags: ['devel@*']}}
jobs:
migrate-devel:
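Review bot: The run step of this workflow does not appear to have been updated alongside the trigger; only the `on:` line changes here, while the stage workflow also switches to `./scripts/migrate.sh ${{ gitea.ref_name }} --greenlight`. If the devel job still runs `./scripts/migrate.sh --greenlight`, the updated script would take `--greenlight` as `to_tag` and see an empty `$2`, so the migration would not be applied and `to_revision` would be recorded as `--greenlight`. The step lies outside the hunk, so this needs checking against the full file.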


@ -1,5 +1,5 @@
name: 'migrate-stage'
on: {push: {branches: ['main']}}
on: {push: {tags: ['stage@*']}}
jobs:
migrate-stage:
@ -9,7 +9,7 @@ jobs:
steps:
- uses: 'actions/checkout@v3'
with: { fetch-depth: 0 }
- run: './scripts/migrate.sh --greenlight'
- run: './scripts/migrate.sh ${{ gitea.ref_name }} --greenlight'
env:
DOCKER_HOST: 'unix:///run/user/1001/docker.sock'
POSTGRES_URI: '${{ secrets.POSTGRES_STAGE_URI }}'
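Review bot: `${{ gitea.ref_name }}` is substituted into the `run` line before the shell parses it, so the tag name is interpreted as shell text on a runner that holds `POSTGRES_STAGE_URI`. Git ref names may contain shell metacharacters, so whoever can push a `stage@*` tag controls part of that command line. Pass the ref through the environment instead: add `REF_NAME: '${{ gitea.ref_name }}'` under `env:` and change the step to `run: './scripts/migrate.sh "$REF_NAME" --greenlight'`.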


@ -57,6 +57,12 @@ create trigger insert_usr_default_discrim
before insert on public.usr
for each row execute function public.do_insert_usr_default_discrim();
create function public.usr_root()
returns public.usr
stable
language sql
as $$select * from public.usr where tag = public.usr_tag_of_string('root')$$;
insert into public.usr
(tag, password, email)
values
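Review bot: `public.usr_root()` has no comment about its no-match case: an SQL function declared `returns public.usr` yields NULL when no row has the `root` tag, so a caller such as `(public.usr_root()).id` receives NULL rather than an error. The same holds for `public.grp_admins()` in the grp file. Since both are used in this commit to set permission owners, I would add a header comment such as `-- returns NULL when no usr is tagged 'root'; callers must check` to each. Listing the columns instead of `select *` would also keep the result stable if `public.usr` gains columns.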


@ -18,10 +18,7 @@ declare
acting_usr public.usr;
begin
if nullif(current_setting('dnim.usr_uid', true), '') is null then
select u.*
from public.usr u
where u.tag = public.usr_tag_of_string('root')
into acting_usr;
acting_usr := public.usr_root();
else
select u.*
from public.usr u
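Review bot: The branch that assigns `acting_usr := public.usr_root();` when `dnim.usr_uid` is unset or empty has no comment explaining why an unidentified session acts as root. This fails open: any connection that omits the setting is treated as the most privileged user. The commit keeps that behaviour rather than introducing it, but since it touches the line, a comment above the `if` would help, for example `-- dnim.usr_uid unset: act as root; application sessions must always set it` (the intent is my assumption and needs confirming). If the fallback is not intended, the branch should raise an exception instead. The function starts and ends outside the hunk.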


@ -10,6 +10,12 @@ create table public.grp
insert into public.grp (tag)
values (grp_tag_of_string('admins'));
create function public.grp_admins()
returns public.grp
stable
language sql
as $$select * from public.grp where tag = public.grp_tag_of_string('admins')$$;
create function public.do_grp_add_admins()
returns trigger
volatile


@ -44,19 +44,8 @@ $$;
create function public.grp_members_admins()
returns setof public.usr
stable
language plpgsql
as $$
declare
gid int;
begin
select g.id
from public.grp g
where g.tag = public.grp_tag_of_string('admins')
into gid;
return query select * from public.grp_members(gid);
end;
$$;
language sql
as $$select * from public.grp_members((public.grp_admins()).id)$$;
create function public.grp_rm_member(from_grp int, rm_usr int)
returns void


@ -12,6 +12,12 @@ begin
perform public.grp_add_member(to_grp => new_grp, add_usr => new.id);
update public.perm
set owner_user = public.usr_root()
, owner_group = public.grp_admins()
where path = '/groups/' || new_grp || '/members'
or path = '/groups/' || new_grp || '/tag';
return null;
end;
$$;
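Review bot: The new `update public.perm` assigns the whole composite rows returned by `public.usr_root()` and `public.grp_admins()` to `owner_user` and `owner_group`. Elsewhere in this commit those columns receive `int` ids (`root := (public.usr_root()).id;`), so this statement probably fails with a type error when the trigger fires. It should read `set owner_user = (public.usr_root()).id` and `, owner_group = (public.grp_admins()).id`. The same missing `.id` appears in `do_insert_usr_perm` in the perm file, where `admins` is declared `int` but is assigned with `admins := public.grp_admins();`. The function body starts outside the hunk.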


@ -16,8 +16,8 @@ declare
root int;
admins int;
begin
select * from public.usr where tag = usr_tag_of_string('root') into root;
select * from public.grp where tag = grp_tag_of_string('admins') into admins;
root := (public.usr_root()).id;
admins := (public.grp_admins()).id;
insert into public.perm
(path, owner_user, owner_group, owner_user_mode, owner_group_mode, everyone_mode)
@ -33,7 +33,7 @@ create function do_insert_usr_perm() returns trigger language plpgsql as $$
declare
admins int;
begin
select * from public.grp where tag = grp_tag_of_string('admins') into admins;
admins := public.grp_admins();
insert into public.perm
(path, owner_user, owner_group, owner_user_mode, owner_group_mode, everyone_mode)
@ -41,6 +41,7 @@ begin
('/users/' || NEW.id || '/tag', NEW.id, admins, 'w', 'w', 'r')
, ('/users/' || NEW.id || '/email', NEW.id, admins, 'w', 'w', '-')
, ('/users/' || NEW.id || '/deleted', NEW.id, admins, 'w', 'w', '-')
, ('/users/' || NEW.id || '/password', NEW.id, admins, 'w', 'w', '-')
;
return new;
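Review bot: Users that already exist will not get a `/users/<id>/password` row, because the added tuple sits in an insert trigger body and nothing visible here backfills `public.perm`. If migrations are generated by schema diffing, a data change like this would need an explicit statement, for example an `insert into public.perm ... select ... from public.usr` guarded against duplicates. The row also gives the admins group mode `'w'` on every user's password path; please confirm that is intended and that `'w'` does not imply read access to the stored value.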


@ -28,8 +28,10 @@ if [[ ! -f "$migration" ]]; then
echo "migrate from $rev => HEAD" 1>&2
migra --unsafe $base_url $head_url > "$migration" \
echo "BEGIN" > "$migration"
migra --unsafe $base_url $head_url >> "$migration" \
|| echo "migra exited with code $?. this is /probably/ fine" 1>&2
echo "COMMIT;" > "$migration"
fi
echo "$migration"
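Review bot: The closing `echo "COMMIT;" > "$migration"` truncates the file, so the generated migration ends up containing only `COMMIT;`. It needs to append: `echo "COMMIT;" >> "$migration"`. The opening line also lacks a terminator, so `BEGIN` would run into the first statement migra emits; use `echo "BEGIN;" > "$migration"`. Note that when migra fails, the `||` branch only logs, and the file is still wrapped and returned as if it were a valid migration.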


@ -9,7 +9,7 @@ if [[ -n $(git status --porcelain) ]]; then
exit 1;
fi
head=$(git show --format=format:%h -q)
to_tag="$1"
get_dnim_database_count="copy (select count(*) from pg_database where datname = 'dnim') to stdout with null as '';"
dnim_database_count=$(psql "$POSTGRES_URI/postgres" -c "$get_dnim_database_count")
@ -25,7 +25,7 @@ else
last_revision=$(psql "$POSTGRES_URI/dnim" -c "$get_last_revision")
migration_file=$(./scripts/diff.sh "$last_revision")
if [[ "$1" = "--greenlight" ]]; then
if [[ "$2" = "--greenlight" ]]; then
psql "$POSTGRES_URI/dnim" -f "$migration_file"
else
echo "migration available at $migration_file"
@ -34,6 +34,6 @@ else
fi
fi
insert_migration="insert into migration (from_revision, to_revision, script) values ('$last_revision', '$head', \$migration\$$script\$migration\$);"
insert_migration="insert into migration (from_revision, to_revision, script) values ('$last_revision', '$to_tag', \$migration\$$script\$migration\$);"
psql "$POSTGRES_URI/dnim" -c "$insert_migration"
echo "inserted migration"
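Review bot: `to_tag` is taken from `$1` and spliced into the `insert into migration` statement inside single quotes, with no validation. In CI that value is the pushed tag name, so a quote character in it changes the SQL that runs against `$POSTGRES_URI/dnim`. Reject anything outside the expected shape right after `to_tag="$1"`, for example `[[ "$to_tag" =~ ^(devel|stage)@[A-Za-z0-9._-]+$ ]] || exit 1` (pattern constructed from the `devel@*` / `stage@*` triggers; adjust to the real tag scheme). Better still, pass the value as a psql variable quoted with `:'to_tag'`, feeding the statement on stdin, because `-c` does not expand psql variables. The same check would catch the old calling convention, where `--greenlight` arrives as `$1`.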