02845e65db
Added features: * register * authenticate * RLS as summarized in security_considerations.md Improve * Use enhanced graphiql version to be able to set authentication headers Remove: * docker-compose.prod.yml since it is not updated for now (and we do not have a production env)
29 lines
844 B
SQL
29 lines
844 B
SQL
\connect candymat_db
|
|
|
|
-- Create schema for candymat_data
|
|
create SCHEMA candymat_data;
|
|
create SCHEMA candymat_data_privat;
|
|
|
|
-- create roles
|
|
create role candymat_person;
|
|
create role candymat_anonymous;
|
|
create role candymat_editor;
|
|
create role candymat_candidate;
|
|
|
|
grant candymat_editor to candymat_postgraphile;
|
|
grant candymat_candidate to candymat_postgraphile;
|
|
grant candymat_person to candymat_postgraphile, candymat_candidate, candymat_editor;
|
|
grant candymat_anonymous to candymat_postgraphile;
|
|
|
|
create type candymat_data.role as enum (
|
|
'candymat_editor',
|
|
'candymat_candidate',
|
|
'candymat_person'
|
|
);
|
|
|
|
-- set table wide permissions
|
|
grant usage on schema candymat_data to candymat_anonymous, candymat_person;
|
|
|
|
-- make functions non executeable w/o further checks
|
|
alter default privileges revoke execute on functions from public;
|