I do not have more time to update the update to the company today, but I believe this is already a good amount of work for a commit. The company is going to be used for row level security, as users will only have access to the data from companies they are granted access to, by virtue of being in the company_user relation. I did not know how to add a row level security policy to the company_user because I needed to select on the same relation, and this is not allowed because it would create an infinite loop. Had to add the vat, pg_libphonenumber, and uri extensions in order to validate VAT identification numbers, phone numbers, and URIs, respectively. These libraries are not in Debian, but I created packages for them all in https://dev.tandem.ws/tandem.
39 lines
836 B
PL/PgSQL
-- Deploy numerus:company_user to pg
-- requires: schema_numerus
-- requires: user
-- requires: company

begin;

set search_path to numerus, auth, public;

create table company_user (
	company_id integer not null references company,
	user_id integer not null references "user",
	primary key (company_id, user_id)
);

grant select on table company_user to invoicer;
grant select on table company_user to admin;

alter table company enable row level security;

create policy company_policy
on company
using (
	exists(
		select 1
		from company_user
		join user_profile using (user_id)
		where company_user.company_id = company.company_id
	)
);

-- TODO:
-- I think we can not do the same for company_user because it would be
-- an infinite loop, but in this case i think it is fine because we can
-- only see ids, nothing more.

commit;
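One way to put a policy on company_user itself without the recursion described in the commit message and the TODO, shown as an added example that is not part of the original commit or the project's code. The schema rls_demo, the role demo_invoicer, the setting demo.user_id and both functions are hypothetical, and the way the current user is identified is an assumption.

```sql
-- Added example. Hypothetical names: schema rls_demo, role demo_invoicer,
-- setting demo.user_id, functions current_user_id() and my_company_ids().
-- Run as a superuser in a scratch database; everything is rolled back.
begin;
create schema rls_demo;
set local search_path to rls_demo;
create role demo_invoicer;

create table company_user (
    company_id integer not null,
    user_id integer not null,
    primary key (company_id, user_id)
);
insert into company_user values (1, 10), (1, 11), (2, 12);  -- constructed rows
grant usage on schema rls_demo to demo_invoicer;
grant select on table company_user to demo_invoicer;

-- Assumption: the application puts the logged-in user's id in a session setting.
create function current_user_id() returns integer
language sql stable
as $$ select nullif(current_setting('demo.user_id', true), '')::integer $$;

-- A policy that selects from company_user directly re-enters itself:
--   using (exists (select 1 from company_user cu where ...))
-- and PostgreSQL rejects queries on the table with
--   "infinite recursion detected in policy for relation".
-- A security definer function runs as its owner, who also owns the table;
-- owners skip row level security unless FORCE is set, so this lookup
-- does not trigger the policy again.
create function my_company_ids() returns setof integer
language sql stable security definer
set search_path = rls_demo, pg_temp  -- pinned so callers cannot redirect name lookup
as $$ select company_id from company_user where user_id = current_user_id() $$;

alter table company_user enable row level security;
create policy company_user_policy on company_user
    using (company_id in (select my_company_ids()));

-- Query as an unprivileged role acting for user 10 (member of company 1).
set local demo.user_id = '10';
set local role demo_invoicer;
select company_id, user_id from company_user order by 1, 2;
rollback;
```

The policy lets a user see membership rows only for companies they belong to. It is only as trustworthy as the source of the user id, so the session setting has to be written by trusted code and not by the querying role.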