#17 unfinished

2021-06-23 17:49:49 +02:00 · 2021-06-23 17:49:49 +02:00 · d2eaf3bd98
parent 6441716a00
commit d2eaf3bd98
1 changed files with 59 additions and 0 deletions
--- a/backend/db/sql/04_setup_authentication.sql
+++ b/backend/db/sql/04_setup_authentication.sql
@ -90,3 +90,62 @@ $$ language plpgsql strict
                    security definer;
 grant execute on function candymat_data.authenticate(text, text) to candymat_anonymous, candymat_person;

+-- Change password
+drop function if exists candymat_data.change_password;
+create function candymat_data.change_password(
+    email        text,
+    old_password text,
+    new_password text
+) returns candymat_data.jwt_token as
+$$
+declare
+    account        candymat_data_privat.person_account;
+    declare person candymat_data.person;
+begin
+    select a.*
+    into account
+    from candymat_data_privat.person_account as a
+    where a.email = $1;
+
+    select p.*
+    into person
+    from candymat_data.person as p
+    where p.row_id = account.person_row_id;
+
+    if account.password_hash = crypt(old_password, account.password_hash) then
+
+        select *
+        from candymat_data.person
+        where row_id = nullif(current_setting('jwt.claims.person_row_id', true), '')::integer
+
+        return (person.role, account.person_row_id,
+                extract(epoch from (now() + interval '2 days')))::candymat_data.jwt_token;
+    else
+        return null;
+    end if;
+end;
+$$ language plpgsql strict
+                    security definer;
+grant execute on function candymat_data.change_role(integer, candymat_data.role) to candymat_editor;
+
+-- Change role: Changes role for a given user. Only editors are allowed to use it.
+drop function if exists candymat_data.change_role;
+create function candymat_data.change_role(
+    person_row_id integer,
+    new_role      candymat_data.role
+)
+    returns candymat_data.person as
+$$
+declare
+    person candymat_data.person;
+begin
+    update candymat_data.person
+    set role = new_role
+    where candymat_data.person.row_id = $1
+    returning * into person;
+
+    return person;
+end;
+$$ language plpgsql strict
+                    security definer;
+grant execute on function candymat_data.change_role(integer, candymat_data.role) to candymat_editor;