|
| 1 | +DROP TABLE public."ConceptAccess" CASCADE; |
| 2 | + |
| 3 | +ALTER TABLE public."ContentAccess" RENAME TO "ResourceAccess"; |
| 4 | +ALTER TABLE public."ResourceAccess" RENAME CONSTRAINT "ContentAccess_pkey" TO "ResourceAccess_pkey"; |
| 5 | +ALTER TABLE public."ResourceAccess" RENAME CONSTRAINT "ContentAccess_account_uid_fkey" TO "ResourceAccess_account_uid_fkey"; |
| 6 | + |
| 7 | +ALTER TABLE public."ResourceAccess" ADD COLUMN space_id BIGINT; |
| 8 | +ALTER TABLE public."ResourceAccess" ADD COLUMN source_local_id CHARACTER VARYING; |
| 9 | + |
| 10 | +COMMENT ON COLUMN public."ResourceAccess".space_id IS 'The space_id of the content item for which access is granted'; |
| 11 | +COMMENT ON COLUMN public."ResourceAccess".source_local_id IS 'The source_local_id of the content item for which access is granted'; |
| 12 | + |
| 13 | +UPDATE public."ResourceAccess" AS ca |
| 14 | +SET space_id = ct.space_id, source_local_id = ct.source_local_id |
| 15 | +FROM public."Content" AS ct WHERE ct.id = content_id; |
| 16 | + |
| 17 | +ALTER TABLE public."ResourceAccess" DROP COLUMN content_id CASCADE; |
| 18 | +-- cascades to Content policies, indices, primary key... |
| 19 | + |
| 20 | +ALTER TABLE public."ResourceAccess" ALTER COLUMN space_id SET NOT NULL; |
| 21 | +ALTER TABLE public."ResourceAccess" ALTER COLUMN source_local_id SET NOT NULL; |
| 22 | + |
| 23 | +ALTER TABLE ONLY public."ResourceAccess" |
| 24 | +ADD CONSTRAINT "ResourceAccess_pkey" PRIMARY KEY (account_uid, source_local_id, space_id); |
| 25 | + |
| 26 | +CREATE INDEX resource_access_content_local_id_idx ON public."ResourceAccess" (source_local_id, space_id); |
| 27 | + |
| 28 | +CREATE OR REPLACE FUNCTION public.can_view_specific_resource(space_id_ BIGINT, source_local_id_ VARCHAR) RETURNS BOOLEAN |
| 29 | +STABLE SECURITY DEFINER |
| 30 | +SET search_path = '' |
| 31 | +LANGUAGE sql |
| 32 | +AS $$ |
| 33 | + SELECT EXISTS( |
| 34 | + SELECT true FROM public."ResourceAccess" |
| 35 | + JOIN public.my_user_accounts() ON (account_uid=my_user_accounts) |
| 36 | + WHERE space_id=space_id_ |
| 37 | + AND source_local_id = source_local_id_ |
| 38 | + LIMIT 1); |
| 39 | +$$; |
| 40 | + |
| 41 | +CREATE OR REPLACE VIEW public.my_documents AS |
| 42 | +SELECT |
| 43 | + id, |
| 44 | + space_id, |
| 45 | + source_local_id, |
| 46 | + url, |
| 47 | + "created", |
| 48 | + metadata, |
| 49 | + last_modified, |
| 50 | + author_id, |
| 51 | + contents |
| 52 | +FROM public."Document" WHERE space_id = any(public.my_space_ids()) |
| 53 | + OR public.can_view_specific_resource(space_id, source_local_id); |
| 54 | + |
| 55 | +CREATE OR REPLACE VIEW public.my_contents AS |
| 56 | +SELECT |
| 57 | + id, |
| 58 | + document_id, |
| 59 | + source_local_id, |
| 60 | + variant, |
| 61 | + author_id, |
| 62 | + creator_id, |
| 63 | + created, |
| 64 | + text, |
| 65 | + metadata, |
| 66 | + scale, |
| 67 | + space_id, |
| 68 | + last_modified, |
| 69 | + part_of_id |
| 70 | +FROM public."Content" |
| 71 | +WHERE ( |
| 72 | + space_id = any(public.my_space_ids()) |
| 73 | + OR public.can_view_specific_resource(space_id, source_local_id) |
| 74 | +); |
| 75 | + |
| 76 | +DROP POLICY IF EXISTS document_policy ON public."Document"; |
| 77 | +DROP POLICY IF EXISTS document_select_policy ON public."Document"; |
| 78 | +CREATE POLICY document_select_policy ON public."Document" FOR SELECT USING (public.in_space(space_id) OR public.can_view_specific_resource(space_id, source_local_id)); |
| 79 | +DROP POLICY IF EXISTS document_delete_policy ON public."Document"; |
| 80 | +CREATE POLICY document_delete_policy ON public."Document" FOR DELETE USING (public.in_space(space_id)); |
| 81 | +DROP POLICY IF EXISTS document_insert_policy ON public."Document"; |
| 82 | +CREATE POLICY document_insert_policy ON public."Document" FOR INSERT WITH CHECK (public.in_space(space_id)); |
| 83 | +DROP POLICY IF EXISTS document_update_policy ON public."Document"; |
| 84 | +CREATE POLICY document_update_policy ON public."Document" FOR UPDATE USING (public.in_space(space_id)); |
| 85 | + |
| 86 | +DROP POLICY IF EXISTS content_select_policy ON public."Content"; |
| 87 | +CREATE POLICY content_select_policy ON public."Content" FOR SELECT USING (public.in_space(space_id) OR public.can_view_specific_resource(space_id, source_local_id)); |
| 88 | + |
| 89 | +DROP POLICY IF EXISTS content_access_select_policy ON public."ResourceAccess"; |
| 90 | +DROP POLICY IF EXISTS content_access_delete_policy ON public."ResourceAccess"; |
| 91 | +DROP POLICY IF EXISTS content_access_insert_policy ON public."ResourceAccess"; |
| 92 | +DROP POLICY IF EXISTS content_access_update_policy ON public."ResourceAccess"; |
| 93 | + |
| 94 | +DROP POLICY IF EXISTS resource_access_select_policy ON public."ResourceAccess"; |
| 95 | +CREATE POLICY resource_access_select_policy ON public."ResourceAccess" FOR SELECT USING (public.in_space(space_id) OR public.can_access_account(account_uid)); |
| 96 | +DROP POLICY IF EXISTS resource_access_delete_policy ON public."ResourceAccess"; |
| 97 | +CREATE POLICY resource_access_delete_policy ON public."ResourceAccess" FOR DELETE USING (public.editor_in_space(space_id) OR public.can_access_account(account_uid)); |
| 98 | +DROP POLICY IF EXISTS resource_access_insert_policy ON public."ResourceAccess"; |
| 99 | +CREATE POLICY resource_access_insert_policy ON public."ResourceAccess" FOR INSERT WITH CHECK (public.editor_in_space(space_id)); |
| 100 | +DROP POLICY IF EXISTS resource_access_update_policy ON public."ResourceAccess"; |
| 101 | +CREATE POLICY resource_access_update_policy ON public."ResourceAccess" FOR UPDATE USING (public.editor_in_space(space_id)); |
| 102 | + |
| 103 | +DROP FUNCTION public.can_view_specific_content(BIGINT); |
| 104 | + |
| 105 | +CREATE OR REPLACE VIEW public.my_concepts AS |
| 106 | +SELECT |
| 107 | + id, |
| 108 | + epistemic_status, |
| 109 | + name, |
| 110 | + description, |
| 111 | + author_id, |
| 112 | + created, |
| 113 | + last_modified, |
| 114 | + space_id, |
| 115 | + arity, |
| 116 | + schema_id, |
| 117 | + literal_content, |
| 118 | + reference_content, |
| 119 | + refs, |
| 120 | + is_schema, |
| 121 | + source_local_id |
| 122 | +FROM public."Concept" |
| 123 | +WHERE ( |
| 124 | + space_id = any(public.my_space_ids()) |
| 125 | + OR public.can_view_specific_resource(space_id, source_local_id) |
| 126 | +); |
| 127 | + |
| 128 | + |
| 129 | +DROP POLICY IF EXISTS concept_select_policy ON public."Concept"; |
| 130 | +CREATE POLICY concept_select_policy ON public."Concept" FOR SELECT USING (public.in_space(space_id) OR public.can_view_specific_resource(space_id, source_local_id)); |
| 131 | + |
| 132 | +DROP FUNCTION public.can_view_specific_concept(BIGINT); |
| 133 | + |
| 134 | +CREATE OR REPLACE FUNCTION public.is_last_local_reference(space_id_ BIGINT, source_local_id_ VARCHAR) RETURNS boolean |
| 135 | +STABLE |
| 136 | +SET search_path = '' |
| 137 | +SECURITY DEFINER |
| 138 | +LANGUAGE sql |
| 139 | +AS $$ |
| 140 | + SELECT NOT EXISTS (SELECT id FROM public."Content" WHERE space_id=space_id_ AND source_local_id=source_local_id_ LIMIT 1) |
| 141 | + AND NOT EXISTS (SELECT id FROM public."Concept" WHERE space_id=space_id_ AND source_local_id=source_local_id_ LIMIT 1) |
| 142 | + AND NOT EXISTS (SELECT id FROM public."Document" WHERE space_id=space_id_ AND source_local_id=source_local_id_ LIMIT 1); |
| 143 | +$$; |
| 144 | + |
| 145 | +CREATE OR REPLACE FUNCTION on_delete_local_reference() RETURNS TRIGGER |
| 146 | +SET search_path = '' |
| 147 | +SECURITY DEFINER |
| 148 | +LANGUAGE plpgsql |
| 149 | +AS $$ |
| 150 | +BEGIN |
| 151 | + IF public.is_last_local_reference(OLD.space_id, OLD.source_local_id) THEN |
| 152 | + DELETE FROM public."ResourceAccess" WHERE space_id=OLD.space_id AND source_local_id=OLD.source_local_id; |
| 153 | + END IF; |
| 154 | + RETURN OLD; |
| 155 | +END; |
| 156 | +$$; |
| 157 | + |
| 158 | +CREATE TRIGGER on_delete_content_trigger AFTER DELETE ON public."Content" FOR EACH ROW EXECUTE FUNCTION public.on_delete_local_reference(); |
| 159 | +CREATE TRIGGER on_delete_concept_trigger AFTER DELETE ON public."Concept" FOR EACH ROW EXECUTE FUNCTION public.on_delete_local_reference(); |
| 160 | +CREATE TRIGGER on_delete_document_trigger AFTER DELETE ON public."Document" FOR EACH ROW EXECUTE FUNCTION public.on_delete_local_reference(); |
| 161 | + |
| 162 | +CREATE OR REPLACE FUNCTION on_update_local_reference() RETURNS TRIGGER |
| 163 | +SET search_path = '' |
| 164 | +SECURITY DEFINER |
| 165 | +LANGUAGE plpgsql |
| 166 | +AS $$ |
| 167 | +BEGIN |
| 168 | + IF (OLD.space_id IS DISTINCT FROM NEW.space_id OR |
| 169 | + OLD.source_local_id IS DISTINCT FROM NEW.source_local_id) |
| 170 | + AND public.is_last_local_reference(OLD.space_id, OLD.source_local_id) THEN |
| 171 | + DELETE FROM public."ResourceAccess" WHERE space_id=OLD.space_id AND source_local_id=OLD.source_local_id; |
| 172 | + END IF; |
| 173 | + RETURN NEW; |
| 174 | +END; |
| 175 | +$$; |
| 176 | + |
| 177 | +CREATE TRIGGER on_update_content_trigger AFTER UPDATE ON public."Content" FOR EACH ROW EXECUTE FUNCTION public.on_update_local_reference(); |
| 178 | +CREATE TRIGGER on_update_concept_trigger AFTER UPDATE ON public."Concept" FOR EACH ROW EXECUTE FUNCTION public.on_update_local_reference(); |
| 179 | +CREATE TRIGGER on_update_document_trigger AFTER UPDATE ON public."Document" FOR EACH ROW EXECUTE FUNCTION public.on_update_local_reference(); |
| 180 | + |
| 181 | +CREATE OR REPLACE FUNCTION public.on_delete_space_revoke_local_access() RETURNS TRIGGER |
| 182 | +SET search_path = '' |
| 183 | +SECURITY DEFINER |
| 184 | +LANGUAGE plpgsql |
| 185 | +AS $$ |
| 186 | +BEGIN |
| 187 | + DELETE FROM public."ResourceAccess" WHERE space_id=OLD.id; |
| 188 | + RETURN OLD; |
| 189 | +END; |
| 190 | +$$; |
| 191 | + |
| 192 | +CREATE TRIGGER on_delete_space_revoke_access_trigger AFTER DELETE ON public."Space" FOR EACH ROW EXECUTE FUNCTION public.on_delete_space_revoke_local_access(); |
0 commit comments