camper/deploy/media.sql

61 lines
1.2 KiB
PL/PgSQL

-- Deploy camper:media to pg
-- requires: roles
-- requires: schema_camper
-- requires: company
-- requires: user_profile
-- requires: media_type
begin;
set search_path to camper, public;
create table media (
media_id serial not null primary key,
company_id integer not null references company,
hash bytea not null generated always as (sha256(content)) stored,
original_filename text not null constraint original_filename_not_empty check(length(trim(original_filename)) > 0),
media_type media_type not null,
content bytea not null,
unique (company_id, hash)
);
grant select on table media to guest;
grant select on table media to employee;
grant select, insert, delete, update on table media to admin;
grant usage on sequence media_media_id_seq to admin;
alter table media enable row level security;
create policy guest_ok
on media
for select
using (true)
;
create policy insert_to_company
on media
for insert
with check (
company_id in (select company_id from user_profile)
)
;
create policy update_company
on media
for update
using (
company_id in (select company_id from user_profile)
)
;
create policy delete_from_company
on media
for delete
using (
company_id in (select company_id from user_profile)
)
;
commit;