WIP

recogito · Apr 9, 2024 · d93b0e5 · d93b0e5
1 parent 59bd786
commit d93b0e5
Show file tree

Hide file tree

Showing 8 changed files with 623 additions and 1,093 deletions.
diff --git a/SQL Scripts/functions/archive_context_documents_rpc.sql b/SQL Scripts/functions/archive_context_documents_rpc.sql
@@ -0,0 +1,48 @@
+CREATE
+OR REPLACE FUNCTION archive_context_documents_rpc (
+    _context_id uuid,
+    _document_ids uuid[] 
+) RETURNS BOOLEAN AS $body$
+DECLARE
+    _project_id uuid;
+    _layer_id uuid;
+    _document_id uuid;
+    _row RECORD;
+BEGIN
+    -- Find the project for this context  
+    SELECT p.id INTO _project_id FROM public.projects p 
+      INNER JOIN public.contexts c ON c.id = _context_id 
+      WHERE p.id = c.project_id;
+
+    -- Check project policy that context documents can be updated by this user
+    IF NOT check_action_policy_project(auth.uid(), 'context_documents', 'UPDATE', _project_id) THEN
+        RETURN FALSE;
+    END IF; 
+
+    -- Iterate through the document ids and archive them in project_documents and all context_documents
+    FOREACH _document_id IN ARRAY _document_ids 
+    LOOP
+        -- Archive the context_documents record
+        UPDATE public.context_document cd 
+          SET is_archived = TRUE 
+          WHERE cd.document_id = _document_id AND cd.context_id = _context_id;
+
+        -- Archive any related layers
+        FOR _row IN SELECT * FROM public.layers l 
+          INNER JOIN public.layer_contexts lc ON lc.context_id = _context_id
+          WHERE l.document_id = _document_id
+        LOOP 
+          UPDATE public.layers 
+            SET is_archived = TRUE 
+            WHERE id = _row.id;
+
+          UPDATE public.layer_contexts lc
+            SET is_archived = TRUE
+            WHERE lc.context_id = _context_id AND lc.layer_id = _row.id;
+        END LOOP;
+
+    END LOOP;
+
+    RETURN TRUE;
+END
+$body$ LANGUAGE plpgsql SECURITY DEFINER;
diff --git a/SQL Scripts/functions/archive_context_rpc.sql b/SQL Scripts/functions/archive_context_rpc.sql
@@ -0,0 +1,52 @@
+CREATE
+OR REPLACE FUNCTION archive_context_rpc (
+    _context_id uuid
+) RETURNS BOOLEAN AS $body$
+DECLARE
+    _project_id uuid;
+    _layer_id uuid;
+    _document_id uuid;
+    _row RECORD;
+    _row_2 RECORD;
+BEGIN
+    -- Find the project for this context  
+    SELECT p.id INTO _project_id FROM public.projects p 
+      INNER JOIN public.contexts c ON c.id = _context_id 
+      WHERE p.id = c.project_id;
+
+    -- Check project policy that context documents can be updated by this user
+    IF NOT check_action_policy_project(auth.uid(), 'contexts', 'UPDATE', _project_id) THEN
+        RAISE LOG 'Check action policy failed for project %', _project_id;
+        RETURN FALSE;
+    END IF; 
+
+    -- Iterate through the document ids in this context and archive them in all context_documents
+    FOR _row IN SELECT * FROM public.context_documents cd WHERE cd.context_id = _context_id 
+    LOOP
+        -- Archive the context_documents record
+        UPDATE public.context_documents cd 
+          SET is_archived = TRUE 
+          WHERE cd.id = _row.id;
+
+        -- Archive any related layers
+        FOR _row_2 IN SELECT * FROM public.layers l 
+          INNER JOIN public.layer_contexts lc ON lc.context_id = _context_id
+          WHERE l.document_id = _row.document_id
+        LOOP 
+          UPDATE public.layers 
+            SET is_archived = TRUE 
+            WHERE id = _row_2.id;
+
+          UPDATE public.layer_contexts lc
+            SET is_archived = TRUE
+            WHERE lc.context_id = _context_id AND lc.layer_id = _row_2.id;
+        END LOOP;
+
+    END LOOP;
+
+    UPDATE public.contexts 
+      SET is_archived = TRUE 
+      WHERE id = _context_id;
+    RETURN TRUE;
+END
+$body$ LANGUAGE plpgsql SECURITY DEFINER;
diff --git a/SQL Scripts/functions/archive_project_documents_rpc.sql b/SQL Scripts/functions/archive_project_documents_rpc.sql
@@ -7,6 +7,7 @@ DECLARE
     _context_id uuid;
     _layer_id uuid;
     _document_id uuid;
+    _row RECORD;
 BEGIN
     -- Check project policy that project documents can be updated by this user
     IF NOT check_action_policy_project(auth.uid(), 'project_documents', 'UPDATE', _project_id) THEN
@@ -19,13 +20,15 @@ BEGIN
         -- Archive the project_documents record
         UPDATE public.project_documents pd 
           SET is_archived = TRUE 
-          WHERE pd.document_id = _id AND pd.project_id = _project_id;
+          WHERE pd.document_id = _document_id AND pd.project_id = _project_id;
 
         -- Archive the document in all contexts that contain it
-        UPDATE public.context_documents cd 
-          SET cd.is_archived = TRUE 
-          FROM public.contexts c
-          WHERE cd.document_id = _id AND c.project_id = _project_id;
+        FOR _row IN SELECT * FROM public.contexts c WHERE c.project_id = _project_id
+        LOOP 
+          UPDATE public.context_documents 
+            SET is_archived = TRUE 
+            WHERE document_id = _document_id;
+        END LOOP;
 
     END LOOP;
 

diff --git a/SQL Scripts/policies/context_documents.sql b/SQL Scripts/policies/context_documents.sql
@@ -0,0 +1,35 @@
+DROP POLICY IF EXISTS "Users with correct policies can SELECT on context_documents" ON public.context_documents;
+
+CREATE POLICY "Users with correct policies can SELECT on context_documents" ON public.context_documents FOR SELECT TO authenticated
+    USING (
+        is_archived IS FALSE AND
+        (public.check_action_policy_organization(auth.uid(), 'context_documents', 'SELECT') OR
+         public.check_action_policy_project_from_context(auth.uid(), 'context_documents', 'SELECT', context_id) OR
+         public.check_action_policy_layer_from_context_select(auth.uid(), 'context_documents', context_id))
+    );
+
+DROP POLICY IF EXISTS "Users with correct policies can INSERT on context_documents" ON public.context_documents;
+
+CREATE POLICY "Users with correct policies can INSERT on context_documents" ON public.context_documents FOR INSERT TO authenticated
+    WITH CHECK (public.check_action_policy_organization(auth.uid(), 'context_documents', 'INSERT') OR
+                public.check_action_policy_project_from_context(auth.uid(), 'context_documents', 'INSERT', context_id) OR 
+                public.check_action_policy_layer_from_context(auth.uid(), 'context_documents', 'INSERT', context_id));
+
+DROP POLICY IF EXISTS "Users with correct policies can UPDATE on context_documents" ON public.context_documents;
+
+CREATE POLICY "Users with correct policies can UPDATE on context_documents" ON public.context_documents FOR UPDATE TO authenticated
+    USING (
+        public.check_action_policy_organization(auth.uid(), 'context_documents', 'UPDATE') OR
+        public.check_action_policy_project_from_context(auth.uid(), 'context_documents', 'UPDATE', context_id) OR
+        public.check_action_policy_layer_from_context(auth.uid(), 'context_documents', 'UPDATE', context_id)
+    )
+    WITH CHECK (public.check_action_policy_organization(auth.uid(), 'context_documents', 'UPDATE') OR
+                public.check_action_policy_project_from_context(auth.uid(), 'context_documents', 'UPDATE', context_id) OR
+                public.check_action_policy_layer_from_context(auth.uid(), 'context_documents', 'UPDATE', context_id));
+
+DROP POLICY IF EXISTS "Users with correct policies can DELETE on context_documents" ON public.context_documents;
+
+CREATE POLICY "Users with correct policies can DELETE on context_documents" ON public.context_documents FOR DELETE TO authenticated
+    USING (public.check_action_policy_organization(auth.uid(), 'context_documents', 'DELETE') OR
+           public.check_action_policy_project_from_context(auth.uid(), 'context_documents', 'DELETE', context_id) OR 
+           public.check_action_policy_layer_from_context(auth.uid(), 'context_documents', 'DELETE', context_id));