Skip to content

Commit

Permalink
Merge pull request #30 from recogito/develop
Browse files Browse the repository at this point in the history
Develop to main
  • Loading branch information
lwjameson authored Jul 2, 2024
2 parents 6f7d3ad + 76eebf5 commit 7dc13fe
Show file tree
Hide file tree
Showing 7 changed files with 284 additions and 903 deletions.
34 changes: 34 additions & 0 deletions SQL Scripts/functions/accept_join_request_rpc.sql
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@

CREATE
OR REPLACE FUNCTION accept_join_request_rpc (
_project_id uuid,
_request_id uuid
) RETURNS BOOLEAN AS $body$
DECLARE
_default_group_id uuid;
_request public.join_requests % rowtype;
BEGIN
-- Check project policy that contexts can be updated by this user
IF NOT (check_action_policy_organization(auth.uid(), 'projects', 'UPDATE')
OR check_action_policy_project(auth.uid(), 'projects', 'UPDATE', _project_id))
THEN
RETURN FALSE;
END IF;

-- Get the request
SELECT * INTO _request FROM public.join_requests jr WHERE jr.id = _request_id LIMIT 1;

-- Get the group id
SELECT g.id INTO _default_group_id FROM public.project_groups g WHERE g.project_id = _project_id AND g.is_default = TRUE;

-- Add the user to the project
INSERT INTO public.group_users
(group_type, type_id, user_id)
VALUES('project', _default_group_id, _request.user_id);

-- Delete the request
DELETE FROM public.join_requests WHERE id = _request_id;

RETURN TRUE;
END
$body$ LANGUAGE plpgsql SECURITY DEFINER;
27 changes: 27 additions & 0 deletions SQL Scripts/functions/request_join_project_rpc.sql
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
CREATE
OR REPLACE FUNCTION request_join_project_rpc (_project_id UUID) RETURNS BOOLEAN AS $body$
BEGIN

-- They at least have to be authenticated
IF NOT check_action_policy_organization(auth.uid(), 'documents', 'SELECT')
THEN
RETURN FALSE;
END IF;

IF EXISTS(SELECT * FROM public.projects p WHERE p.id = _project_id)
THEN

-- Cannot have multiple requests for some project from same person
IF NOT EXISTS(SELECT * FROM public.join_requests jr WHERE jr.user_id = auth.uid() AND jr.project_id = _project_id)
THEN
INSERT INTO public.join_requests
(user_id, project_id)
VALUES (auth.uid(), _project_id);

RETURN TRUE;
END IF;
END IF;

RETURN FALSE;
END
$body$ LANGUAGE plpgsql SECURITY DEFINER;
29 changes: 29 additions & 0 deletions SQL Scripts/policies/join_requests.sql
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
DROP POLICY IF EXISTS "Users with correct policies can SELECT on join_requests" ON public.join_requests;

CREATE POLICY "Users with correct policies can SELECT on join_requests" ON public.join_requests FOR SELECT TO authenticated
USING (
(public.check_action_policy_organization(auth.uid(), 'join_requests', 'SELECT') OR
public.check_action_policy_project(auth.uid(), 'join_requests', 'SELECT', project_id))
);

DROP POLICY IF EXISTS "Users with correct policies can INSERT on join_requests" ON public.join_requests;

CREATE POLICY "Users with correct policies can INSERT on join_requests" ON public.join_requests FOR INSERT TO authenticated
WITH CHECK (public.check_action_policy_organization(auth.uid(), 'join_requests', 'INSERT') OR
public.check_action_policy_project(auth.uid(), 'join_requests', 'INSERT', project_id));

DROP POLICY IF EXISTS "Users with correct policies can UPDATE on join_requests" ON public.join_requests;

CREATE POLICY "Users with correct policies can UPDATE on join_requests" ON public.join_requests FOR UPDATE TO authenticated
USING (
public.check_action_policy_organization(auth.uid(), 'join_requests', 'UPDATE') OR
public.check_action_policy_project(auth.uid(), 'join_requests', 'UPDATE', project_id)
)
WITH CHECK (public.check_action_policy_organization(auth.uid(), 'join_requests', 'UPDATE') OR
public.check_action_policy_project(auth.uid(), 'join_requests', 'UPDATE', project_id));

DROP POLICY IF EXISTS "Users with correct policies can DELETE on join_requests" ON public.join_requests;

CREATE POLICY "Users with correct policies can DELETE on join_requests" ON public.join_requests FOR DELETE TO authenticated
USING (public.check_action_policy_organization(auth.uid(), 'join_requests', 'DELETE') OR
public.check_action_policy_project(auth.uid(), 'join_requests', 'DELETE', project_id));
12 changes: 12 additions & 0 deletions SQL Scripts/tables/join_requests.sql
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
CREATE TABLE public.join_requests
(
id uuid NOT NULL DEFAULT uuid_generate_v4() PRIMARY KEY,
created_at timestamp WITH TIME ZONE DEFAULT NOW(),
created_by uuid,
updated_at timestamptz,
updated_by uuid REFERENCES public.profiles,
user_id uuid NOT NULL,
project_id uuid REFERENCES public.projects,
accepted bool DEFAULT FALSE,
ignored bool DEFAULT FALSE
);
Loading

0 comments on commit 7dc13fe

Please sign in to comment.