e26a154518
Connects to the backend and gets all registered users by role. Enables editors to see all registered users, which was not possible before.
-- Profile table: one row per registered person.
create table candymat_data.person (
    row_id     serial        primary key,
    -- names may be left null, but an empty string is rejected
    first_name varchar(200)  check (first_name <> ''),
    last_name  varchar(200)  check (last_name <> ''),
    about      varchar(2000),
    -- timestamp without time zone; nullable, filled with now() when omitted
    created_at timestamp     default now(),
    -- authorization-relevant: the select policies on this table filter on this column
    role       candymat_data.role not null default 'candymat_person'
);
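-- Privileges for logged-in persons. Which rows they reach is decided by the
-- row level security policies on candymat_data.person.
grant select, delete on table candymat_data.person to candymat_person;

-- UPDATE is limited to the self-service profile columns. A table-wide UPDATE
-- grant also covers row_id, created_at and role, and the update_person policy
-- only constrains row_id, not which columns change. Since the select policies
-- decide visibility by role, a person must not be able to rewrite that column
-- on their own row.
-- NOTE(review): role changes need a separate, privileged path that is not
-- shown in this file; if another role relied on this grant to update role,
-- give that role its own grant.
grant update (first_name, last_name, about) on table candymat_data.person to candymat_person;

-- Needed only while anonymous visitors may view candidates and editors.
-- The grant is table-wide: every column of a row admitted by a select policy
-- is readable by candymat_anonymous.
grant select on table candymat_data.person to candymat_anonymous;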
-- Account data, kept in a separate schema from the person profile.
-- No privilege on this table is granted in this file.
create table candymat_data_privat.person_account (
    -- at most one account per person; deleted together with the person row
    person_row_id integer      primary key
                               references candymat_data.person (row_id) on delete cascade,
    -- shape check only (something@something.something), matched case-insensitively.
    -- NOTE(review): the unique constraint itself is case-sensitive, so addresses
    -- that differ only in case count as distinct; confirm that is intended.
    email         varchar(320) not null unique
                               check (email ~* '^.+@.+\..+$'),
    -- NOTE(review): by its name this holds a password hash; where and how the
    -- hash is computed is not visible here.
    password_hash varchar(256) not null
);
-- Turn on row level security for person. Roles subject to it reach only rows
-- admitted by a policy; the table owner stays exempt unless row level
-- security is forced.
alter table candymat_data.person enable row level security;

-- Both policies below compare row_id with the jwt.claims.person_row_id
-- setting. When the setting is missing or empty the expression is null, the
-- comparison is not true, and the row is rejected.
-- NOTE(review): the policies trust that setting. It has to be written only by
-- the component that verified the token; confirm client roles cannot set it.

-- A person may only store a person row whose row_id matches the claim.
-- NOTE(review): this policy has WITH CHECK but no USING clause. PostgreSQL
-- reuses USING as WITH CHECK, not the other way round, so confirm which
-- existing rows this role can actually target. Before spelling out a USING
-- clause with the same expression, make sure a person cannot change the role
-- column of their own row (this file grants UPDATE on the whole table).
create policy update_person
    on candymat_data.person
    for update
    to candymat_person
    with check (
        row_id = cast(nullif(current_setting('jwt.claims.person_row_id', true), '') as integer)
    );

-- A person may only delete the person row whose row_id matches the claim.
create policy delete_person
    on candymat_data.person
    for delete
    to candymat_person
    using (
        row_id = cast(nullif(current_setting('jwt.claims.person_row_id', true), '') as integer)
    );
-- Rows of editors and candidates are readable by anonymous visitors and by
-- logged-in persons alike. This may later be narrowed to registered (and
-- verified) persons.
-- Rows with any other role are not admitted by this policy, which includes a
-- logged-in person's own row while its role is still 'candymat_person'.
create policy select_person_public on candymat_data.person
    for select
    to candymat_anonymous, candymat_person  -- possibly candymat_person only in the future
    using (role in ('candymat_editor', 'candymat_candidate'));
-- Editors may read every person row, whatever its role, so that they can
-- raise the privileges of registered persons.
-- NOTE(review): this file grants candymat_editor no privilege on the table
-- and defines no update policy for it; both presumably come from elsewhere
-- (role membership or another script). Confirm before relying on this.
create policy select_person_editor on candymat_data.person
    for select
    to candymat_editor
    using (true);