author | Freya Murphy <freya@freyacat.org> | 2024-04-01 11:09:25 -0400 |
---|---|---|
committer | Freya Murphy <freya@freyacat.org> | 2024-04-01 11:09:25 -0400 |
commit | 3a82baec9d793edf81ac2b151b0f4d4159641375 (patch) | |
tree | f9d50c296b078ac48c2a2391c172c3ccf37edb3f /src/db/rest/comment | |
parent | refactor asset dir, refactor oberver in lib (diff) | |
login and register, liking on homepage
Diffstat (limited to 'src/db/rest/comment')
-rw-r--r-- | src/db/rest/comment/api_comment.sql | 29 | ||||
-rw-r--r-- | src/db/rest/comment/api_comment_delete.sql | 32 | ||||
-rw-r--r-- | src/db/rest/comment/api_comment_insert.sql | 58 | ||||
-rw-r--r-- | src/db/rest/comment/api_comment_update.sql | 51 |
4 files changed, 170 insertions, 0 deletions
diff --git a/src/db/rest/comment/api_comment.sql b/src/db/rest/comment/api_comment.sql
new file mode 100644
index 0000000..c8a0e19
--- /dev/null
+++ b/src/db/rest/comment/api_comment.sql
@@ -0,0 +1,29 @@
+CREATE VIEW api.comment AS
+ SELECT
+ c.id,
+ c.user_id,
+ c.post_id,
+ c.content,
+ c.created,
+ c.modified
+ FROM
+ admin.comment c
+ LEFT JOIN
+ admin.post p
+ ON
+ p.id = c.post_id
+ LEFT JOIN
+ admin.user u
+ ON
+ u.id = c.user_id
+ WHERE
+ c.deleted <> TRUE AND
+ p.deleted <> TRUE AND
+ u.deleted <> TRUE
+ ORDER BY
+ id ASC;
+
+GRANT SELECT ON TABLE api.comment
+ TO rest_anon, rest_user;
+GRANT SELECT ON TABLE admin.comment
+ TO rest_anon, rest_user;
diff --git a/src/db/rest/comment/api_comment_delete.sql b/src/db/rest/comment/api_comment_delete.sql
new file mode 100644
index 0000000..262b2ed
--- /dev/null
+++ b/src/db/rest/comment/api_comment_delete.sql
@@ -0,0 +1,32 @@
+CREATE FUNCTION _api.comment_delete()
+RETURNS TRIGGER
+LANGUAGE plpgsql VOLATILE
+AS $BODY$
+DECLARE
+ _user_id INTEGER;
+BEGIN
+ _user_id = _api.get_user_id();
+
+ IF OLD.user_id <> _user_id THEN
+ PERFORM _api.raise_deny();
+ END IF;
+
+ UPDATE admin.comment SET
+ deleted = TRUE,
+ modified = clock_timestamp()
+ WHERE id = OLD.id;
+END
+$BODY$;
+
+GRANT EXECUTE ON FUNCTION _api.comment_delete()
+ TO rest_user;
+GRANT DELETE ON TABLE api.comment
+ TO rest_user;
+GRANT UPDATE ON TABLE admin.comment
+ TO rest_user;
+
+CREATE TRIGGER api_comment_delete_trgr
+ INSTEAD OF DELETE
+ ON api.comment
+ FOR EACH ROW
+ EXECUTE PROCEDURE _api.comment_delete();
diff --git a/src/db/rest/comment/api_comment_insert.sql b/src/db/rest/comment/api_comment_insert.sql
new file mode 100644
index 0000000..990beef
--- /dev/null
+++ b/src/db/rest/comment/api_comment_insert.sql
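Review bot: `GRANT SELECT ON TABLE admin.comment TO rest_anon, rest_user;` at the end of api_comment.sql gives the anonymous role read access to the base table, including the rows the view hides with `c.deleted <> TRUE`. A PostgreSQL view checks base-table privileges against the view owner unless it is created with `security_invoker`, so `api.comment` should not need this grant for rest_anon; if that role also holds USAGE on the `admin` schema (not visible here), soft-deleted comments are readable directly. I would drop rest_anon from that grant and keep only what the invoker-rights trigger functions in the sibling files appear to need for rest_user. Separately, the `WHERE` tests on `p.deleted` and `u.deleted` discard the NULL rows the two `LEFT JOIN`s produce, so they behave as inner joins; writing `INNER JOIN` would state that intent.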
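Review bot: `_api.comment_delete()` in api_comment_delete.sql reaches `END` without a `RETURN`, which PL/pgSQL rejects at run time for a trigger function, so every DELETE through `api.comment` would abort and roll back the soft-delete `UPDATE`. Add `RETURN OLD;` after the `UPDATE`; for an INSTEAD OF DELETE trigger a non-NULL return is what reports the row as deleted. The ownership test `IF OLD.user_id <> _user_id THEN` also evaluates to NULL, and so skips `_api.raise_deny()`, if `_api.get_user_id()` can return NULL (its body is not shown); `IF OLD.user_id IS DISTINCT FROM _user_id THEN` fails closed. The same comparison appears in `_api.comment_update()` in api_comment_update.sql.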
@@ -0,0 +1,58 @@
+CREATE FUNCTION _api.comment_insert()
+RETURNS TRIGGER
+LANGUAGE plpgsql VOLATILE
+AS $BODY$
+DECLARE
+ _user_id INTEGER;
+BEGIN
+ _user_id = _api.get_user_id();
+
+ NEW.content := _api.trim(NEW.content);
+ PERFORM _api.validate_text(
+ _text => NEW.content,
+ _column => 'content',
+ _min => 1,
+ _max => 1024
+ );
+
+ PERFORM TRUE
+ FROM admin.post
+ WHERE id = NEW.post_id;
+
+ IF NOT FOUND THEN
+ PERFORM _api.raise(
+ _msg => 'api_null_post',
+ _err => 400
+ );
+ END IF;
+
+ INSERT INTO admin.comment (
+ user_id,
+ post_id,
+ content
+ ) VALUES (
+ _user_id,
+ NEW.post_id,
+ NEW.content
+ )
+ RETURNING id
+ INTO NEW.id;
+
+ RETURN NEW;
+END
+$BODY$;
+
+GRANT EXECUTE ON FUNCTION _api.comment_insert()
+ TO rest_user;
+GRANT INSERT ON TABLE api.comment
+ TO rest_user;
+GRANT INSERT ON TABLE admin.comment
+ TO rest_user;
+GRANT UPDATE ON TABLE sys.comment_id_seq
+ TO rest_user;
+
+CREATE TRIGGER api_comment_insert_trgr
+ INSTEAD OF INSERT
+ ON api.comment
+ FOR EACH ROW
+ EXECUTE PROCEDURE _api.comment_insert();
diff --git a/src/db/rest/comment/api_comment_update.sql b/src/db/rest/comment/api_comment_update.sql
new file mode 100644
index 0000000..b8fc16d
--- /dev/null
+++ b/src/db/rest/comment/api_comment_update.sql
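Review bot: The existence check `PERFORM TRUE FROM admin.post WHERE id = NEW.post_id;` in `_api.comment_insert()` does not filter on `deleted`, so a comment can be attached to a soft-deleted post even though `api.comment` hides comments whose post is deleted. Adding `AND deleted <> TRUE` to that query would make the insert path agree with the view, assuming `admin.post.deleted` is declared NOT NULL (its definition is not visible here). `GRANT UPDATE ON TABLE sys.comment_id_seq` also lets rest_user call `setval()` on the sequence; `GRANT USAGE ON SEQUENCE sys.comment_id_seq TO rest_user;` should be enough for the `nextval()` that the `id` default presumably performs.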
@@ -0,0 +1,51 @@
+CREATE FUNCTION _api.comment_update()
+RETURNS TRIGGER
+LANGUAGE plpgsql VOLATILE
+AS $BODY$
+DECLARE
+ _user_id INTEGER;
+ _changed BOOLEAN;
+BEGIN
+ _user_id = _api.get_user_id();
+ _changed = FALSE;
+
+ IF OLD.user_id <> _user_id THEN
+ PERFORM _api.raise_deny();
+ END IF;
+
+ NEW.content = COALESCE(NEW.content, OLD.content);
+ NEW.content := _api.trim(NEW.content);
+ PERFORM _api.validate_text(
+ _text => NEW.content,
+ _column => 'content',
+ _min => 1,
+ _max => 1024
+ );
+
+ IF NEW.content IS DISTINCT FROM OLD.content THEN
+ _changed = TRUE;
+ END IF;
+
+ IF _changed THEN
+ UPDATE admin.comment SET
+ content = NEW.content,
+ modified = clock_timestamp()
+ WHERE id = OLD.id;
+ END IF;
+
+ RETURN NEW;
+END
+$BODY$;
+
+GRANT EXECUTE ON FUNCTION _api.comment_update()
+ TO rest_user;
+GRANT UPDATE ON TABLE api.comment
+ TO rest_user;
+GRANT UPDATE ON TABLE admin.comment
+ TO rest_user;
+
+CREATE TRIGGER api_comment_update_trgr
+ INSTEAD OF UPDATE
+ ON api.comment
+ FOR EACH ROW
+ EXECUTE PROCEDURE _api.comment_update(); |
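Review bot: `_api.comment_update()` persists only `content` but ends with `RETURN NEW;`, so caller-supplied values for `id`, `user_id`, `post_id`, `created` or `modified` are silently ignored and then echoed back by `UPDATE ... RETURNING` as if they had been stored. I would either reject changes to those columns or reset them before returning, e.g. `NEW.user_id := OLD.user_id;` for each read-only column, and fill the timestamp from the write itself with `RETURNING modified INTO NEW.modified`. The `_changed` flag only mirrors the `IS DISTINCT FROM` test and could be folded into a single `IF` around the `UPDATE`.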