-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #44 from WomenPlusPlus/add-policies-and-target-aud…
…it-table Add policies and target audit table
- Loading branch information
Showing
2 changed files
with
122 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| ALTER TABLE "public"."circle" ENABLE ROW LEVEL SECURITY; | ||
| DROP POLICY IF EXISTS "circle_authenticated" ON "public"."circle"; | ||
| CREATE POLICY "circle_authenticated" ON "public"."circle" AS PERMISSIVE FOR ALL TO authenticated USING (true); | ||
|
|
||
| ALTER TABLE "public"."circle_kpi_definition" ENABLE ROW LEVEL SECURITY; | ||
| DROP POLICY IF EXISTS "circle_kpi_definition_authenticated" ON "public"."circle_kpi_definition"; | ||
| CREATE POLICY "circle_kpi_definition_authenticated" ON "public"."circle_kpi_definition" AS PERMISSIVE FOR ALL TO authenticated USING (true); | ||
|
|
||
| ALTER TABLE "public"."circle_user" ENABLE ROW LEVEL SECURITY; | ||
| DROP POLICY IF EXISTS "circle_user_authenticated" ON "public"."circle_user"; | ||
| CREATE POLICY "circle_user_authenticated" ON "public"."circle_user" AS PERMISSIVE FOR ALL TO authenticated USING (true); | ||
|
|
||
| ALTER TABLE "public"."kpi_definition" ENABLE ROW LEVEL SECURITY; | ||
| DROP POLICY IF EXISTS "kpi_definition_authenticated" ON "public"."kpi_definition"; | ||
| CREATE POLICY "kpi_definition_authenticated" ON "public"."kpi_definition" AS PERMISSIVE FOR ALL TO authenticated USING (true); | ||
|
|
||
| ALTER TABLE "public"."kpi_user" ENABLE ROW LEVEL SECURITY; | ||
| DROP POLICY IF EXISTS "kpi_user_authenticated" ON "public"."kpi_user"; | ||
| CREATE POLICY "kpi_user_authenticated" ON "public"."kpi_user" AS PERMISSIVE FOR ALL TO authenticated USING (true); | ||
|
|
||
| ALTER TABLE "public"."kpi_values_history" ENABLE ROW LEVEL SECURITY; | ||
| DROP POLICY IF EXISTS "kpi_values_history_authenticated" ON "public"."kpi_values_history"; | ||
| CREATE POLICY "kpi_values_history_authenticated" ON "public"."kpi_values_history" AS PERMISSIVE FOR ALL TO authenticated USING (true); | ||
|
|
||
| ALTER TABLE "public"."target" ENABLE ROW LEVEL SECURITY; | ||
| DROP POLICY IF EXISTS "target_authenticated" ON "public"."target"; | ||
| CREATE POLICY "target_authenticated" ON "public"."target" AS PERMISSIVE FOR ALL TO authenticated USING (true); | ||
|
|
||
| REVOKE ALL PRIVILEGES ON TABLE "public"."flyway_schema_history" from anon; | ||
| REVOKE ALL PRIVILEGES ON TABLE "public"."flyway_schema_history" from authenticated; | ||
| REVOKE ALL PRIVILEGES ON TABLE "public"."flyway_schema_history" from service_role; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,91 @@ | ||
| DROP TABLE IF EXISTS "public"."target_history"; | ||
|
|
||
| CREATE TABLE target_history ( | ||
| target_history_id int8 generated by default as identity, | ||
| action varchar(32) not null, | ||
| target_id int8 not null, | ||
| circle_id int8 not null, | ||
| kpi_id int8 not null, | ||
| target_value numeric, | ||
| created_at timestamp not null, | ||
| user_id uuid, | ||
| PRIMARY KEY (target_history_id), | ||
| CONSTRAINT fk_kpi FOREIGN KEY(kpi_id) REFERENCES kpi_definition(kpi_id), | ||
| CONSTRAINT fk_circle FOREIGN KEY(circle_id) REFERENCES circle(circle_id), | ||
| CONSTRAINT fk_user FOREIGN KEY(user_id) REFERENCES auth.user(id) | ||
| ); | ||
|
|
||
| DROP TRIGGER IF EXISTS target_history_trigger on "public"."target"; | ||
|
|
||
| CREATE OR REPLACE FUNCTION target_history_trigger_func() | ||
| RETURNS trigger AS $body$ | ||
| BEGIN | ||
| if (TG_OP = 'INSERT') then | ||
| INSERT INTO target_history ( | ||
| action, | ||
| target_id , | ||
| circle_id , | ||
| kpi_id, | ||
| target_value, | ||
| created_at, | ||
| user_id | ||
| ) | ||
| VALUES( | ||
| 'INSERT', | ||
| NEW.target_id, | ||
| NEW.circle_id, | ||
| NEW.kpi_id, | ||
| NEW.target_value, | ||
| CURRENT_TIMESTAMP, | ||
| auth.uid() | ||
| ); | ||
|
|
||
| RETURN NEW; | ||
| elsif (TG_OP = 'UPDATE') then | ||
| INSERT INTO target_history ( | ||
| action, | ||
| target_id , | ||
| circle_id , | ||
| kpi_id, | ||
| target_value, | ||
| created_at, | ||
| user_id | ||
| ) | ||
| VALUES( | ||
| 'UPDATE', | ||
| NEW.target_id, | ||
| NEW.circle_id, | ||
| NEW.kpi_id, | ||
| NEW.target_value, | ||
| CURRENT_TIMESTAMP, | ||
| auth.uid() | ||
| ); | ||
| RETURN NEW; | ||
| elsif (TG_OP = 'DELETE') then | ||
| INSERT INTO target_history ( | ||
| action, | ||
| target_id , | ||
| circle_id , | ||
| kpi_id, | ||
| target_value, | ||
| created_at, | ||
| user_id | ||
| ) | ||
| VALUES( | ||
| 'DELETE', | ||
| OLD.target_id, | ||
| OLD.circle_id, | ||
| OLD.kpi_id, | ||
| null, | ||
| CURRENT_TIMESTAMP, | ||
| auth.uid() | ||
| ); | ||
| RETURN OLD; | ||
| end if; | ||
| END; | ||
| $body$ | ||
| LANGUAGE plpgsql; | ||
|
|
||
| CREATE TRIGGER target_history_trigger | ||
| AFTER INSERT OR UPDATE OR DELETE ON target | ||
| FOR EACH ROW EXECUTE FUNCTION target_history_trigger_func(); |