numerus/deploy/ensure_role_exists.sql

-- Deploy numerus:ensure_role_exists to pg
-- requires: schema_auth
-- requires: user

begin;

set search_path to auth, public;

create or replace function ensure_role_exists() returns trigger as
$$
begin
	if not exists (select 1 from pg_roles where rolname = new.role) then
		raise foreign_key_violation using message = 'role not found: ' || new.role;
	end if;
	return new;
end;
$$
language plpgsql;

comment on function ensure_role_exists() is
'Makes sure that a role given to a user is a valid, existing role in the cluster.';

revoke execute on function ensure_role_exists() from public;

create trigger ensure_role_exists
after insert or update
on "user"
for each row execute procedure ensure_role_exists();

	commit;
Setup authentication schema and user relation User authentication is based on PostgREST’s[0]: There is a noninherit role, authenticator, whose function is only to switch to a different role according to the application’s session. Accordingly, this role has no permission for anything. The roles that this authentication can switch to are guest, invoicer, or admin. Guest is for anonymous users, when they need to login or register; invoicers are regular users; and admin are application’s administrators, that can change other user’s status, when they have to be removed or have they password changed, for example. The user relation is actually inaccessible to all roles and can only be used through a security definer function, login, so that passwords are not accessible from the application. I hesitated on what to use as the user’s primary key. The email seemed a good candiate, because it will be used for login. But something rubs me the wrong way. It is not that they can change because, despite what people on the Internet keeps parroting, they do not need to be “immutable”, PostgreSQL can cascade updates to foreign keys, and people do not change email addresses that ofter. What i do know is that email addresses should be unique in order to be used for login and password, hovewer i had to decide what “unique” means here, because the domain part is case insensitive, but the local part who knows? I made the arbitrary decision of assuming that the whole address is case sensitive. I have the feeling that this will bite me harder in the ass than using it as the primary key. [0]: https://postgrest.org/en/stable/auth.html 2023-01-13 00:43:20 +00:00			`-- Deploy numerus:ensure_role_exists to pg`
			`-- requires: schema_auth`
			`-- requires: user`

			`begin;`

			`set search_path to auth, public;`

			`create or replace function ensure_role_exists() returns trigger as`
			`$$`
			`begin`
			`if not exists (select 1 from pg_roles where rolname = new.role) then`
			`raise foreign_key_violation using message = 'role not found: ' \|\| new.role;`
			`end if;`
			`return new;`
			`end;`
			`$$`
			`language plpgsql;`

			`comment on function ensure_role_exists() is`
			`'Makes sure that a role given to a user is a valid, existing role in the cluster.';`

Remove the revocation of all function executions I need to execute some functions in public for citext, such as texticregexeq, or guest users would not be able to login. 2023-01-17 12:05:58 +00:00			`revoke execute on function ensure_role_exists() from public;`

Setup authentication schema and user relation User authentication is based on PostgREST’s[0]: There is a noninherit role, authenticator, whose function is only to switch to a different role according to the application’s session. Accordingly, this role has no permission for anything. The roles that this authentication can switch to are guest, invoicer, or admin. Guest is for anonymous users, when they need to login or register; invoicers are regular users; and admin are application’s administrators, that can change other user’s status, when they have to be removed or have they password changed, for example. The user relation is actually inaccessible to all roles and can only be used through a security definer function, login, so that passwords are not accessible from the application. I hesitated on what to use as the user’s primary key. The email seemed a good candiate, because it will be used for login. But something rubs me the wrong way. It is not that they can change because, despite what people on the Internet keeps parroting, they do not need to be “immutable”, PostgreSQL can cascade updates to foreign keys, and people do not change email addresses that ofter. What i do know is that email addresses should be unique in order to be used for login and password, hovewer i had to decide what “unique” means here, because the domain part is case insensitive, but the local part who knows? I made the arbitrary decision of assuming that the whole address is case sensitive. I have the feeling that this will bite me harder in the ass than using it as the primary key. [0]: https://postgrest.org/en/stable/auth.html 2023-01-13 00:43:20 +00:00			`create trigger ensure_role_exists`
			`after insert or update`
			`on "user"`
			`for each row execute procedure ensure_role_exists();`

			`commit;`