-- Public profile of every person in the system (plain registered persons,
-- candidates and editors alike). Credentials are kept apart, in
-- candymat_data_privat.person_account.
create table candymat_data.person
(
    -- surrogate key; also the value the API puts into the JWT claim that
    -- the row-level policies further down compare against
    row_id serial constraint person_pkey primary key,
    -- names are optional, but when present they must not be empty strings
    first_name varchar(200) constraint person_first_name_check check (first_name <> ''),
    last_name varchar(200) constraint person_last_name_check check (last_name <> ''),
    -- free-text self description, at most 2000 characters
    about varchar(2000),
    -- NOTE(review): timestamp WITHOUT time zone, so the stored value depends
    -- on the session TimeZone; timestamptz would be the safer type for an
    -- instant -- changing it is a schema migration, so only flagged here
    created_at timestamp default now(),
    -- application role of this person (enum candymat_data.role, defined
    -- elsewhere). The select policies further down key on it, so who is
    -- allowed to write this column matters -- see the grants on this table.
    role candymat_data.role not null default 'candymat_person'
);
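-- Table privileges for logged-in persons. The row-level policies on this
-- table decide WHICH rows a command may touch; grants decide WHAT a role may
-- do at all, so both have to be tight.
--
-- UPDATE is granted per column on purpose. The previous table-wide UPDATE
-- grant let a person rewrite every column of their own row, including `role`,
-- because the update policy only checks the row id, not the columns.
-- Whether a self-assigned 'candymat_editor' would actually be honoured
-- depends on how the JWT role is derived (outside this file), but nothing in
-- this file should make it possible. row_id and created_at stay read-only
-- as well. If persons legitimately need to change further columns, list them
-- here explicitly rather than going back to a table-wide grant.
grant select, delete on table candymat_data.person to candymat_person;
grant update (first_name, last_name, about) on table candymat_data.person to candymat_person;

-- Only needed as long as anonymous visitors may view candidates and editors
-- (see the select_person_public policy). Drop this grant together with the
-- anonymous role in that policy if the directory becomes members-only.
grant select on table candymat_data.person to candymat_anonymous;

-- NOTE(review): no grant for candymat_editor appears in this file; its
-- select policy only works if that role holds SELECT on the table, either
-- directly or inherited from candymat_person -- confirm.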
-- Login credentials, one account per person. They live in a separate schema
-- (candymat_data_privat), presumably so that the API roles' privileges on
-- candymat_data never reach them. Deleting the person removes the account
-- through the cascading foreign key. No grants or RLS for this table appear
-- in this file -- confirm that application roles cannot read it.
create table candymat_data_privat.person_account
(
    person_row_id integer
        constraint person_account_pkey primary key
        constraint person_account_person_row_id_fkey
            references candymat_data.person (row_id) on delete cascade,
    -- loose shape check only (something@something.tld), not RFC validation.
    -- Uniqueness is case-sensitive, so 'A@x.org' and 'a@x.org' are two
    -- distinct accounts: normalise (lower-case) before storing, or add a
    -- unique index on lower(email).
    email varchar(320) not null
        constraint person_account_email_key unique
        constraint person_account_email_check check (email ~* '^.+@.+\..+$'),
    -- must hold the output of a salted password hash (bcrypt/argon2 or
    -- similar), never the plain password; hashing happens outside this
    -- file -- verify in the registration/login code
    password_hash varchar(256) not null
);
-- Switch on row-level security for person: from here on a role with table
-- privileges still sees and touches only the rows some policy allows, and a
-- role without a matching policy sees nothing. The table owner and
-- superusers bypass RLS unless FORCE ROW LEVEL SECURITY is set, so the
-- application roles must not own this table.
alter table candymat_data.person enable row level security;
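-- A person may update only their own row.
--
-- USING selects the existing rows the UPDATE may modify; WITH CHECK validates
-- the resulting rows. The original policy carried only WITH CHECK, which
-- constrains the *new* row values and, on its own, provides no USING
-- predicate for choosing existing rows -- so it did not by itself make any
-- row updatable. Both clauses now pin the row to the caller's identity.
--
-- The identity is read from the request-scoped setting
-- jwt.claims.person_row_id (set by the API layer, presumably from a verified
-- JWT -- confirm). missing_ok = true plus nullif() turn an unset or empty
-- setting into NULL, so an unauthenticated session matches no row instead
-- of erroring.
--
-- Two caveats: (1) this policy gates rows, not columns -- which columns a
-- person may write (notably `role`) is decided by the column grants;
-- (2) an UPDATE ... WHERE row_id = ... also reads the row, so the caller
-- additionally needs a SELECT policy that exposes their own row -- check
-- the select policies below cover plain 'candymat_person' rows.
create policy update_person on candymat_data.person
    for update
    to candymat_person
    using (row_id = nullif(current_setting('jwt.claims.person_row_id', true), '')::integer)
    with check (row_id = nullif(current_setting('jwt.claims.person_row_id', true), '')::integer);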
-- A person may delete only their own row; the matching person_account row
-- goes with it through the ON DELETE CASCADE foreign key. The caller's
-- identity comes from the request-scoped setting jwt.claims.person_row_id;
-- an unset or empty setting becomes NULL and therefore matches nothing.
create policy delete_person on candymat_data.person
    as permissive
    for delete
    to candymat_person
    using (row_id = cast(nullif(current_setting('jwt.claims.person_row_id', true), '') as integer));
-- Public directory: rows whose role is editor or candidate are visible to
-- anonymous visitors and to logged-in persons alike.
--
-- Rows with the plain 'candymat_person' role are NOT matched here, so a
-- logged-in person cannot read their own row through this policy -- and,
-- since an UPDATE with a WHERE clause also reads the row, may not be able to
-- update it either unless another select policy covers it (verify against
-- the API layer).
--
-- To make the directory members-only (registered and verified persons),
-- drop candymat_anonymous from the role list and revoke its SELECT grant.
create policy select_person_public on candymat_data.person
    as permissive
    for select
    to candymat_anonymous, candymat_person
    using (role = 'candymat_editor' or role = 'candymat_candidate');
-- Editors can read every person row, including plain 'candymat_person'
-- accounts, so they can find the people whose role should be raised. This
-- policy only grants visibility; raising a role is done elsewhere. A policy
-- is not a privilege: candymat_editor must also hold SELECT on the table,
-- directly or inherited from candymat_person -- no such grant is in this file.
create policy select_person_editor on candymat_data.person
    as permissive
    for select
    to candymat_editor
    using (true);