CREATE FUNCTION api.update_password(
	current_password TEXT,
	new_password TEXT
)
RETURNS void
LANGUAGE plpgsql VOLATILE
AS $BODY$
DECLARE
	_user_id INTEGER;
	_real_password TEXT;
BEGIN
	_user_id = _api.get_user_id();

	PERFORM _api.validate_text(
		_text => new_password,
		_column => 'password',
		_min => 1,
		_max => 256
	);

	SELECT password
		INTO _real_password
		FROM admin.user
		WHERE id = _user_id;

	IF _real_password <> current_password THEN
		PERFORM _api.raise(
			_msg => 'api_invalid_password'
		);
	END IF;

	UPDATE
		admin.user
	SET
		"password" = new_password
	WHERE
		id = _user_id;
END
$BODY$;

GRANT EXECUTE ON FUNCTION api.update_password(TEXT, TEXT)
	TO rest_user;
GRANT SELECT, UPDATE ON TABLE admin.user
	TO rest_user;