From 944b6b0526032ad8c1b4a2612d6723bec75e0e4c Mon Sep 17 00:00:00 2001
From: Freya Murphy
Date: Fri, 29 Mar 2024 22:29:56 -0400
Subject: start database (user and post), and initial barebones home page
---
db/rest/post/api_post.sql | 13 +++++++++++++
db/rest/post/api_post_delete.sql | 31 +++++++++++++++++++++++++++++++
db/rest/post/api_post_insert.sql | 40 ++++++++++++++++++++++++++++++++++++++++
db/rest/post/api_post_update.sql | 18 ++++++++++++++++++
4 files changed, 102 insertions(+)
create mode 100644 db/rest/post/api_post.sql
create mode 100644 db/rest/post/api_post_delete.sql
create mode 100644 db/rest/post/api_post_insert.sql
create mode 100644 db/rest/post/api_post_update.sql
(limited to 'db/rest/post')
diff --git a/db/rest/post/api_post.sql b/db/rest/post/api_post.sql
new file mode 100644
index 0000000..a91d9d2
--- /dev/null
+++ b/db/rest/post/api_post.sql
@@ -0,0 +1,13 @@
+CREATE VIEW api.post AS
+ SELECT
+ p.id,
+ p.user_id,
+ p.content,
+ p.date
+ FROM
+ admin.post p;
+
+GRANT SELECT ON TABLE api.post
+ TO rest_anon, rest_user;
+GRANT SELECT ON TABLE admin.post
+ TO rest_anon, rest_user;
diff --git a/db/rest/post/api_post_delete.sql b/db/rest/post/api_post_delete.sql
new file mode 100644
index 0000000..e3dec55
--- /dev/null
+++ b/db/rest/post/api_post_delete.sql
@@ -0,0 +1,31 @@
+CREATE FUNCTION _api.post_delete()
+RETURNS TRIGGER
+LANGUAGE plpgsql VOLATILE
+AS $BODY$
+DECLARE
+ _user_id INTEGER;
+BEGIN
+ _user_id = _api.get_user_id();
+
+ IF OLD.user_id <> _user_id THEN
+ PERFORM _api.raise_deny();
+ END IF;
+
+ DELETE FROM admin.post
+ WHERE user_id = _user_id
+ AND id = OLD.id;
+END
+$BODY$;
+
+GRANT EXECUTE ON FUNCTION _api.post_delete()
+ TO rest_user;
+GRANT DELETE ON TABLE api.post
+ TO rest_user;
+GRANT DELETE ON TABLE admin.post
+ TO rest_user;
+
+CREATE TRIGGER api_post_delete_trgr
+ INSTEAD OF DELETE
+ ON api.post
+ FOR EACH ROW
+ EXECUTE PROCEDURE _api.post_delete();
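Review bot: In db/rest/post/api_post.sql the second grant, `GRANT SELECT ON TABLE admin.post TO rest_anon, rest_user;`, gives the anonymous and user roles direct read access to the base table, which the view does not need: unless a view is created with `security_invoker`, PostgreSQL checks its underlying tables against the view owner's privileges. The view lists id, user_id, content and date explicitly, so any column later added to admin.post and deliberately left out of the view would still be readable by rest_anon if that role has USAGE on the admin schema (not visible in this patch). The same pattern recurs as `GRANT DELETE ON TABLE admin.post` in api_post_delete.sql and `GRANT INSERT ON TABLE admin.post` in api_post_insert.sql, where a direct grant lets rest_user write to the table without passing through the trigger's ownership check or the validate_text call. Declaring those trigger functions `SECURITY DEFINER` with a pinned `search_path` would let the base-table grants be dropped.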
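Review bot: `_api.post_delete()` in db/rest/post/api_post_delete.sql reaches `END` without a RETURN, so PL/pgSQL will raise "control reached end of trigger procedure without RETURN" on every delete through api.post; an INSTEAD OF DELETE row trigger should end with `RETURN OLD;` so the row is reported as deleted. The ownership test `OLD.user_id <> _user_id` also evaluates to NULL when `_api.get_user_id()` returns NULL (its behaviour is not shown here), which skips the `_api.raise_deny()` branch; `IF OLD.user_id IS DISTINCT FROM _user_id THEN` denies in that case too. A short comment above the function stating that only the post's owner may delete would document the intent of the check.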
diff --git a/db/rest/post/api_post_insert.sql b/db/rest/post/api_post_insert.sql
new file mode 100644
index 0000000..9eb200c
--- /dev/null
+++ b/db/rest/post/api_post_insert.sql
@@ -0,0 +1,40 @@
+CREATE FUNCTION _api.post_insert()
+RETURNS TRIGGER
+LANGUAGE plpgsql VOLATILE
+AS $BODY$
+DECLARE
+ _user_id INTEGER;
+BEGIN
+ _user_id = _api.get_user_id();
+
+ PERFORM _api.validate_text(
+ _text => NEW.content,
+ _column => 'content',
+ _min => 1,
+ _max => 4096
+ );
+
+ INSERT INTO admin.post (
+ user_id,
+ content
+ ) VALUES (
+ _user_id,
+ NEW.content
+ );
+
+ RETURN NEW;
+END
+$BODY$;
+
+GRANT EXECUTE ON FUNCTION _api.post_insert()
+ TO rest_user;
+GRANT INSERT ON TABLE api.post
+ TO rest_user;
+GRANT INSERT ON TABLE admin.post
+ TO rest_user;
+
+CREATE TRIGGER api_post_insert_trgr
+ INSTEAD OF INSERT
+ ON api.post
+ FOR EACH ROW
+ EXECUTE PROCEDURE _api.post_insert();
diff --git a/db/rest/post/api_post_update.sql b/db/rest/post/api_post_update.sql
new file mode 100644
index 0000000..915d0cd
--- /dev/null
+++ b/db/rest/post/api_post_update.sql
@@ -0,0 +1,18 @@
+CREATE FUNCTION _api.post_update()
+RETURNS TRIGGER
+LANGUAGE plpgsql VOLATILE
+AS $BODY$
+DECLARE
+ _length INTEGER;
+BEGIN
+ RETURN NEW;
+END
+$BODY$;
+
+GRANT EXECUTE ON FUNCTION _api.post_update() TO rest_user;
+
+CREATE TRIGGER api_post_update_trgr
+ INSTEAD OF UPDATE
+ ON api.post
+ FOR EACH ROW
+ EXECUTE PROCEDURE _api.post_update();
-- cgit v1.2.3-freya
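Review bot: `RETURN NEW;` in `_api.post_insert()` (db/rest/post/api_post_insert.sql) hands back the row exactly as the client sent it, so `INSERT ... RETURNING` on api.post reports the caller's `id`, `user_id` and `date` values (or NULL) rather than what was stored with `_user_id` and whatever admin.post generated (its defaults are not visible here). Appending `RETURNING id, user_id, content, date INTO NEW.id, NEW.user_id, NEW.content, NEW.date` to the `INSERT INTO admin.post` statement makes the returned row match the stored one. It would also help to add a comment that `NEW.user_id` is deliberately ignored in favour of `_api.get_user_id()`, and to confirm that function cannot return NULL for rest_user, since nothing in this hunk rejects a NULL `_user_id`.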
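Review bot: `_api.post_update()` in db/rest/post/api_post_update.sql returns `NEW` without touching admin.post, and a non-NULL return from an INSTEAD OF trigger tells PostgreSQL the row was modified, so an UPDATE on api.post would report success while changing nothing. No `GRANT UPDATE ON TABLE api.post` appears in this hunk, so the path may be unreachable for rest_user today, but until it is implemented the stub is safer as `RETURN NULL;` or an explicit error, and the unused `_length INTEGER;` declaration can go. When the body is written it needs the same owner comparison as `_api.post_delete()` and the `_api.validate_text` call from `_api.post_insert()`.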