login and register, liking on homepage

author: Freya Murphy <freya@freyacat.org> 2024-04-01 11:09:25 -0400
committer: Freya Murphy <freya@freyacat.org> 2024-04-01 11:09:25 -0400
commit: 3a82baec9d793edf81ac2b151b0f4d4159641375 (patch)
tree: f9d50c296b078ac48c2a2391c172c3ccf37edb3f /src/db/rest/post/api_post_delete.sql
parent: refactor asset dir, refactor oberver in lib (diff)
download: xssbook2-3a82baec9d793edf81ac2b151b0f4d4159641375.tar.gz
xssbook2-3a82baec9d793edf81ac2b151b0f4d4159641375.tar.bz2
xssbook2-3a82baec9d793edf81ac2b151b0f4d4159641375.zip
1 files changed, 32 insertions, 0 deletions
diff --git a/src/db/rest/post/api_post_delete.sql b/src/db/rest/post/api_post_delete.sql
new file mode 100644
index 0000000..8f26b40
--- /dev/null
+++ b/src/db/rest/post/api_post_delete.sql
@@ -0,0 +1,32 @@
+CREATE FUNCTION _api.post_delete()
+RETURNS TRIGGER
+LANGUAGE plpgsql VOLATILE
+AS $BODY$
+DECLARE
+	_user_id INTEGER;
+BEGIN
+	_user_id = _api.get_user_id();
+
+	IF OLD.user_id <> _user_id THEN
+		PERFORM _api.raise_deny();
+	END IF;
+
+	UPDATE admin.post SET
+		deleted = TRUE,
+		modified = clock_timestamp()
+		WHERE id = OLD.id;
+END
+$BODY$;
+
+GRANT EXECUTE ON FUNCTION _api.post_delete()
+	TO rest_user;
+GRANT DELETE ON TABLE api.post
+	TO rest_user;
+GRANT UPDATE ON TABLE admin.post
+	TO rest_user;
+
+CREATE TRIGGER api_post_delete_trgr
+	INSTEAD OF DELETE
+			ON api.post
+			FOR EACH ROW
+				EXECUTE PROCEDURE _api.post_delete();
author	Freya Murphy <freya@freyacat.org>	2024-04-01 11:09:25 -0400
committer	Freya Murphy <freya@freyacat.org>	2024-04-01 11:09:25 -0400
commit	3a82baec9d793edf81ac2b151b0f4d4159641375 (patch)
tree	f9d50c296b078ac48c2a2391c172c3ccf37edb3f /src/db/rest/post/api_post_delete.sql
parent	refactor asset dir, refactor oberver in lib (diff)
download	xssbook2-3a82baec9d793edf81ac2b151b0f4d4159641375.tar.gz xssbook2-3a82baec9d793edf81ac2b151b0f4d4159641375.tar.bz2 xssbook2-3a82baec9d793edf81ac2b151b0f4d4159641375.zip