-
Notifications
You must be signed in to change notification settings - Fork 0
/
011_CREATE_SETTINGS_TABLE.sql
51 lines (46 loc) · 1.37 KB
/
011_CREATE_SETTINGS_TABLE.sql
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
-- one row MUST be present in `settings` to ensure proper operation -- see `023_ADD_DEFAULT_SETTING.sql`
CREATE TABLE settings(
Lock char(1) not null DEFAULT 'X', -- make this column contain only 1 value, but also be unique to create only 1 row
/* Other columns */
required_members INT NOT NULL DEFAULT 0,
created_at TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP,
/* constraints */
constraint PK_T1 PRIMARY KEY (Lock),
constraint CK_T1_Locked CHECK (Lock='X')
);
create extension if not exists moddatetime schema extensions;
-- trigger to update "updated_at" field before every update to row
create trigger handle_updated_at before update on settings
for each row execute procedure moddatetime (updated_at);
ALTER TABLE settings ENABLE ROW LEVEL SECURITY;
CREATE POLICY "Enable all access to site admins"
ON public.settings
FOR ALL
TO authenticated
USING (
EXISTS (
SELECT 1
FROM permissions as p
INNER JOIN users as u ON (p.user_id = u.id)
WHERE (
u.email = auth.jwt() ->> 'email'
AND ( -- roles here
p.permission = 'ADMIN'
)
)
)
)
WITH CHECK (
EXISTS (
SELECT 1
FROM permissions as p
INNER JOIN users as u ON (p.user_id = u.id)
WHERE (
u.email = auth.jwt() ->> 'email'
AND ( -- roles here
p.permission = 'ADMIN'
)
)
)
);