-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path007_update_permissions_v1-1.sql
56 lines (42 loc) · 1.45 KB
/
007_update_permissions_v1-1.sql
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
/*
GROUP HEADERS GENERATED BY: https://patorjk.com/software/taag/#p=display&h=0&v=1&c=c&f=ANSI%20Shadow&t=STAGE%20FUNCS
SUB GROUP HEADERS GENERATED BY: https://patorjk.com/software/taag/#p=display&h=1&v=1&c=c&f=Banner3&t=permissions
*/
select *
from start_version_update('1.1', 'Fix of API user not being removed on deletion of API key', _component := 'keen_auth_permissions');
create or replace function auth.delete_api_key(_deleted_by text, _user_id bigint, _api_key_id int,
_tenant_id int default 1)
returns table
(
__api_key_id int
)
language plpgsql
rows 1
as
$$
declare
__api_user_id bigint;
begin
perform auth.has_permission(_user_id, 'api_keys.delete_api_key', _tenant_id);
select user_id
from auth.api_key ak
inner join auth.user_info ui on ui.code = auth.generate_api_key_username(ak.api_key)
where api_key_id = _api_key_id
into __api_user_id;
delete from auth.permission_assignment where user_id = __api_user_id;
perform unsecure.delete_user_by_id(_deleted_by, _user_id, __api_user_id) du;
return query
delete from auth.api_key where api_key_id = _api_key_id
returning api_key_id;
perform
add_journal_msg(_deleted_by, _user_id
, format('User: %s deleted API key in tenant: %s'
, _deleted_by, _tenant_id)
, 'api_key', _api_key_id
, null
, 50503
, _tenant_id := _tenant_id);
end;
$$;
select *
from stop_version_update('1.1', _component := 'keen_auth_permissions');