-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into add-django-command-to-remove-unnecessary-wor…
…kbook-artifacts
- Loading branch information
Showing
14 changed files
with
607 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| DO | ||
| $do$ | ||
| BEGIN | ||
| IF EXISTS ( | ||
| SELECT FROM pg_catalog.pg_roles | ||
| WHERE rolname = 'authenticator') THEN | ||
| RAISE NOTICE 'Role "authenticator" already exists. Skipping.'; | ||
| ELSE | ||
| CREATE ROLE authenticator LOGIN NOINHERIT NOCREATEDB NOCREATEROLE NOSUPERUSER; | ||
| END IF; | ||
| END | ||
| $do$; | ||
|
|
||
| DO | ||
| $do$ | ||
| BEGIN | ||
| IF EXISTS ( | ||
| SELECT FROM pg_catalog.pg_roles | ||
| WHERE rolname = 'api_fac_gov') THEN | ||
| RAISE NOTICE 'Role "api_fac_gov" already exists. Skipping.'; | ||
| ELSE | ||
| CREATE ROLE api_fac_gov NOLOGIN; | ||
| END IF; | ||
| END | ||
| $do$; | ||
|
|
||
| GRANT api_fac_gov TO authenticator; | ||
|
|
||
| NOTIFY pgrst, 'reload schema'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| -- WARNING | ||
| -- Under PostgreSQL 12, the functions below work. | ||
| -- Under PostgreSQL 14, these will break. | ||
| -- | ||
| -- Note the differences: | ||
| -- | ||
| -- raise info 'Works under PostgreSQL 12'; | ||
| -- raise info 'request.header.x-magic %', (SELECT current_setting('request.header.x-magic', true)); | ||
| -- raise info 'request.jwt.claim.expires %', (SELECT current_setting('request.jwt.claim.expires', true)); | ||
| -- raise info 'Works under PostgreSQL 14'; | ||
| -- raise info 'request.headers::json->>x-magic %', (SELECT current_setting('request.headers', true)::json->>'x-magic'); | ||
| -- raise info 'request.jwt.claims::json->expires %', (SELECT current_setting('request.jwt.claims', true)::json->>'expires'); | ||
| -- | ||
| -- To quote the work of Dav Pilkey, "remember this now." | ||
|
|
||
|
|
||
| CREATE OR REPLACE FUNCTION api_v1_1_1_functions.get_header(item text) RETURNS text | ||
| AS $get_header$ | ||
| declare res text; | ||
| begin | ||
| SELECT (current_setting('request.headers', true)::json)->>item into res; | ||
| return res; | ||
| end; | ||
| $get_header$ LANGUAGE plpgsql; | ||
|
|
||
| create or replace function api_v1_1_1_functions.get_api_key_uuid() returns TEXT | ||
| as $gaku$ | ||
| declare uuid text; | ||
| begin | ||
| select api_v1_1_1_functions.get_header('x-api-user-id') into uuid; | ||
| return uuid; | ||
| end; | ||
| $gaku$ LANGUAGE plpgsql; | ||
|
|
||
| create or replace function api_v1_1_1_functions.has_tribal_data_access() | ||
| returns boolean | ||
| as $has_tribal_data_access$ | ||
| DECLARE | ||
| uuid_header UUID; | ||
| key_exists boolean; | ||
| BEGIN | ||
|
|
||
| SELECT api_v1_1_1_functions.get_api_key_uuid() INTO uuid_header; | ||
| SELECT | ||
| CASE WHEN EXISTS ( | ||
| SELECT key_id | ||
| FROM public.dissemination_TribalApiAccessKeyIds taaki | ||
| WHERE taaki.key_id = uuid_header::TEXT) | ||
| THEN 1::BOOLEAN | ||
| ELSE 0::BOOLEAN | ||
| END | ||
| INTO key_exists; | ||
| RAISE INFO 'api_v1_1_1 has_tribal % %', uuid_header, key_exists; | ||
| RETURN key_exists; | ||
| END; | ||
| $has_tribal_data_access$ LANGUAGE plpgsql; | ||
|
|
||
|
|
||
| NOTIFY pgrst, 'reload schema'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| begin; | ||
|
|
||
| do | ||
| $$ | ||
| begin | ||
| DROP SCHEMA IF EXISTS api_v1_1_1 CASCADE; | ||
| DROP SCHEMA IF EXISTS api_v1_1_1_functions CASCADE; | ||
|
|
||
| if not exists (select schema_name from information_schema.schemata where schema_name = 'api_v1_1_1') then | ||
| create schema api_v1_1_1; | ||
| create schema api_v1_1_1_functions; | ||
|
|
||
| grant usage on schema api_v1_1_1_functions to api_fac_gov; | ||
|
|
||
| -- Grant access to tables and views | ||
| alter default privileges | ||
| in schema api_v1_1_1 | ||
| grant select | ||
| -- this includes views | ||
| on tables | ||
| to api_fac_gov; | ||
|
|
||
| -- Grant access to sequences, if we have them | ||
| grant usage on schema api_v1_1_1 to api_fac_gov; | ||
| grant select, usage on all sequences in schema api_v1_1_1 to api_fac_gov; | ||
| alter default privileges | ||
| in schema api_v1_1_1 | ||
| grant select, usage | ||
| on sequences | ||
| to api_fac_gov; | ||
| end if; | ||
| end | ||
| $$ | ||
| ; | ||
|
|
||
| -- https://postgrest.org/en/stable/references/api/openapi.html | ||
| -- This is the title (version number) and description (text). | ||
| COMMENT ON SCHEMA api_v1_1_1 IS | ||
| $$v1.1.1 | ||
|
|
||
| A RESTful API that serves data from the SF-SAC.$$; | ||
|
|
||
|
|
||
| commit; | ||
|
|
||
| notify pgrst, | ||
| 'reload schema'; | ||
|
|
Oops, something went wrong.