xssbook2/db/rest/post/api_post_delete.sql

CREATE FUNCTION _api.post_delete()
RETURNS TRIGGER
LANGUAGE plpgsql VOLATILE
AS $BODY$
DECLARE
	_user_id INTEGER;
BEGIN
	_user_id = _api.get_user_id();

	IF OLD.user_id <> _user_id THEN
		PERFORM _api.raise_deny();
	END IF;

	DELETE FROM admin.post
	WHERE user_id = _user_id
	AND id = OLD.id;
END
$BODY$;

GRANT EXECUTE ON FUNCTION _api.post_delete()
	TO rest_user;
GRANT DELETE ON TABLE api.post
	TO rest_user;
GRANT DELETE ON TABLE admin.post
	TO rest_user;

CREATE TRIGGER api_post_delete_trgr
	INSTEAD OF DELETE
			ON api.post
			FOR EACH ROW
				EXECUTE PROCEDURE _api.post_delete();
start database (user and post), and initial barebones home page 2024-03-30 02:29:56 +00:00			`CREATE FUNCTION _api.post_delete()`
			`RETURNS TRIGGER`
			`LANGUAGE plpgsql VOLATILE`
			`AS $BODY$`
			`DECLARE`
			`_user_id INTEGER;`
			`BEGIN`
			`_user_id = _api.get_user_id();`

			`IF OLD.user_id <> _user_id THEN`
			`PERFORM _api.raise_deny();`
			`END IF;`

			`DELETE FROM admin.post`
			`WHERE user_id = _user_id`
			`AND id = OLD.id;`
			`END`
			`$BODY$;`

			`GRANT EXECUTE ON FUNCTION _api.post_delete()`
			`TO rest_user;`
			`GRANT DELETE ON TABLE api.post`
			`TO rest_user;`
			`GRANT DELETE ON TABLE admin.post`
			`TO rest_user;`

			`CREATE TRIGGER api_post_delete_trgr`
			`INSTEAD OF DELETE`
			`ON api.post`
			`FOR EACH ROW`
			`EXECUTE PROCEDURE _api.post_delete();`