xssbook2/db/rest/post/api_post_update.sql

51 lines
951 B
MySQL
Raw Normal View History

CREATE FUNCTION _api.post_update()
RETURNS TRIGGER
LANGUAGE plpgsql VOLATILE
AS $BODY$
DECLARE
_user_id INTEGER;
_changed BOOLEAN;
BEGIN
_user_id = _api.get_user_id();
_changed = FALSE;
IF OLD.user_id <> _user_id THEN
PERFORM _api.raise_deny();
END IF;
NEW.content = COALESCE(NEW.content, OLD.content);
NEW.content := _api.trim(NEW.content);
PERFORM _api.validate_text(
_text => NEW.content,
_column => 'content',
_min => 1,
_max => 4096
);
IF NEW.content IS DISTINCT FROM OLD.content THEN
_changed = TRUE;
END IF;
IF _changed THEN
UPDATE admin.post
SET content = NEW.content
WHERE id = OLD.id;
END IF;
RETURN NEW;
END
$BODY$;
GRANT EXECUTE ON FUNCTION _api.post_update()
TO rest_user;
GRANT UPDATE ON TABLE api.post
TO rest_user;
GRANT UPDATE ON TABLE admin.post
TO rest_user;
CREATE TRIGGER api_post_update_trgr
INSTEAD OF UPDATE
ON api.post
FOR EACH ROW
EXECUTE PROCEDURE _api.post_update();