module IHP.DataSync.Role where
import IHP.Prelude
import Data.Aeson
import IHP.QueryBuilder
import IHP.DataSync.DynamicQuery
import IHP.FrameworkConfig
import IHP.ModelSupport
import qualified Database.PostgreSQL.Simple as PG
import qualified Database.PostgreSQL.Simple.Types as PG
-- | Report whether a PostgreSQL role with the given name is present in
-- @pg_roles@.
--
-- The name is sent as a bound value parameter and compared against
-- @rolname@, so it is never spliced into the SQL text.
doesRoleExists :: (?modelContext :: ModelContext) => Text -> IO Bool
doesRoleExists roleName =
    sqlQueryScalar
        "SELECT EXISTS(SELECT 1 FROM pg_roles WHERE rolname = ? LIMIT 1)"
        [roleName]
-- | Make sure the role named by 'authenticatedRole' exists and holds the
-- privileges handed out by 'grantPermissions'.
--
-- The role is created only when 'doesRoleExists' reports it missing; the
-- grants are issued on every call, whether or not the role was just created.
--
-- NOTE(review): the existence check and the @CREATE ROLE@ are two separate
-- statements. If two processes can run this at the same time, both may see
-- the role as missing and the second @CREATE ROLE@ would then fail. Confirm
-- whether callers serialise this.
ensureAuthenticatedRoleExists :: (?context :: context, ConfigProvider context, ?modelContext :: ModelContext) => IO ()
ensureAuthenticatedRoleExists = do
    alreadyPresent <- doesRoleExists authenticatedRole
    unless alreadyPresent $
        createAuthenticatedRole authenticatedRole
    grantPermissions authenticatedRole
-- | Create the given role with the @NOLOGIN@ attribute, so it cannot be used
-- to open a database session directly.
--
-- The role name is wrapped in 'PG.Identifier', which makes the driver quote
-- it as an SQL identifier instead of pasting the raw text into the statement.
-- The row count returned by 'sqlExec' is discarded.
createAuthenticatedRole :: (?modelContext :: ModelContext) => Text -> IO ()
createAuthenticatedRole role =
    sqlExec "CREATE ROLE ? NOLOGIN" [PG.Identifier role] >> pure ()
-- | Give the role access to the @public@ schema: schema usage, every
-- privilege on all existing tables, and every privilege by default on tables
-- created later.
--
-- The three statements run in the order written. In each one the role name
-- is passed as a 'PG.Identifier', so it is quoted by the driver.
--
-- NOTE(review): the role receives ALL PRIVILEGES on every table in @public@.
-- Presumably row level security policies are what restrict this role (the
-- config field is called @rlsAuthenticatedRole@); a table in @public@ without
-- such a policy would be fully readable and writable by it. Confirm that
-- every table is covered.
--
-- NOTE(review): @ALTER DEFAULT PRIVILEGES@ has no @FOR ROLE@ clause here, so
-- PostgreSQL applies it only to tables later created by the role that runs
-- this statement. Tables created by a different role are not covered until
-- the @GRANT ... ON ALL TABLES@ statement runs again.
grantPermissions :: (?modelContext :: ModelContext) => Text -> IO ()
grantPermissions role = do
    grantTo "GRANT USAGE ON SCHEMA public TO ?"
    grantTo "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO ?"
    grantTo "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO ?"
  where
    -- Run one statement with the role as its only parameter and drop the
    -- affected-row count.
    grantTo statement = sqlExec statement [PG.Identifier role] >> pure ()
-- | Name of the database role used for authenticated access, read from the
-- @rlsAuthenticatedRole@ field of the framework config reachable through the
-- implicit @?context@.
--
-- The value comes from configuration, not from request data; the functions
-- in this module pass it to SQL either as a bound value or as a
-- 'PG.Identifier'.
authenticatedRole :: (?context :: context, ConfigProvider context) => Text
authenticatedRole = get #rlsAuthenticatedRole (getFrameworkConfig ?context)