PlanTempusApp/Database/Core/DCL/SetupApplicationUser.cs

using System.Data;
using Database.Common;
using Insight.Database;

namespace Database.Core.DCL
{

	/// <summary>
	/// Only a superadmin or similar can create Application Users
	/// </summary>
	public class SetupApplicationUser : IDbConfigure<SetupApplicationUser.Command>
	{
		public class Command
		{
			public required string Schema { get; init; }
			public required string User { get; init; }
			public required string Password { get; init; }
		}


		IDbConnection _db;
		Command _command;

		public SetupApplicationUser(IDbConnection db)
		{
			_db = db;
		}
		 
		public void With(Command command)
		{
			_command = command;

			if (!Validations.IsValidSchemaName(_command.Schema))
				throw new ArgumentException("Invalid schema name", _command.Schema);

			using (var transaction = _db.OpenWithTransaction())
			{
				try
				{
					CreateSchema();
					CreateRole();
					GrantSchemaRights();

					transaction.Commit();
				}
				catch (Exception ex)
				{
					transaction.Rollback();
					throw new InvalidOperationException("Failed to SetupApplicationUser in Database", ex);
				}
			}

		}
		private void ExecuteSql(string sql)
		{
			_db.ExecuteSql(sql);
		}

		private void CreateSchema()
		{
			var sql = $"CREATE SCHEMA IF NOT EXISTS {_command.Schema}";
			ExecuteSql(sql);
		}

		private void CreateRole()
		{
			var sql = $@"
							DO $$ 
							BEGIN
							   IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '{_command.User}') THEN
								   CREATE ROLE {_command.User} WITH CREATEDB CREATEROLE LOGIN PASSWORD '{_command.Password}';
							   END IF;
							END $$;";
			ExecuteSql(sql);

			var sql1 = $"ALTER ROLE {_command.User} SET search_path='{_command.Schema}';";
			ExecuteSql(sql1);
		}

		private void GrantSchemaRights()
		{
			// Grant USAGE og alle CREATE rettigheder på schema niveau
			var sql = $@"
						GRANT USAGE ON SCHEMA {_command.Schema} TO {_command.User};
						GRANT ALL ON SCHEMA {_command.Schema} TO {_command.User};";
			ExecuteSql(sql);

			// Grant rettigheder på eksisterende og fremtidige tabeller
			var sql1 = $"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA {_command.Schema} TO {_command.User};";
			ExecuteSql(sql1);

			var sql2 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT ALL PRIVILEGES ON TABLES TO {_command.User};";
			ExecuteSql(sql2);

			// Grant sequence rettigheder
			var sql3 = $"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {_command.Schema} TO {_command.User};";
			ExecuteSql(sql3);

			// Grant execute på functions
			var sql4 = $"GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA {_command.Schema} TO {_command.User};";
			ExecuteSql(sql4);

			// Grant for fremtidige functions
			var sql5 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT EXECUTE ON FUNCTIONS TO {_command.User};";
			ExecuteSql(sql5);

			// Grant for fremtidige sequences
			var sql6 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT USAGE ON SEQUENCES TO {_command.User};";
			ExecuteSql(sql6);
		}

	}
}
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
+								using System.Data;
 								using Database.Common;
 								using Insight.Database;
-												Application User setup WIP

											
										
										
											2025-02-11 17:07:01 +01:00
+								namespace Database.Core.DCL
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
+								{
 									/// <summary>
 									/// Only a superadmin or similar can create Application Users
 									/// </summary>
-												Application User setup WIP

											
										
										
											2025-02-11 17:07:01 +01:00
+									public class SetupApplicationUser : IDbConfigure<SetupApplicationUser.Command>
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
+									{
-												Application User setup WIP

											
										
										
											2025-02-11 17:07:01 +01:00
+										public class Command
 										{
 											public required string Schema { get; init; }
 											public required string User { get; init; }
 											public required string Password { get; init; }
 										}
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
 										IDbConnection _db;
-												Application User setup WIP

											
										
										
											2025-02-11 17:07:01 +01:00
+										Command _command;
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
 										public SetupApplicationUser(IDbConnection db)
 										{
 											_db = db;
 										}
-												A lot of works different areas... no plan

											
										
										
											2025-02-16 23:39:26 +01:00
-												Application User setup WIP

											
										
										
											2025-02-11 17:07:01 +01:00
+										public void With(Command command)
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
+										{
-												Application User setup WIP

											
										
										
											2025-02-11 17:07:01 +01:00
+											_command = command;
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
-												Application User setup WIP

											
										
										
											2025-02-11 17:07:01 +01:00
+											if (!Validations.IsValidSchemaName(_command.Schema))
 												throw new ArgumentException("Invalid schema name", _command.Schema);
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
-												Application User setup WIP

											
										
										
											2025-02-11 17:07:01 +01:00
+											using (var transaction = _db.OpenWithTransaction())
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
+											{
 												try
 												{
 													CreateSchema();
 													CreateRole();
 													GrantSchemaRights();
 													transaction.Commit();
 												}
 												catch (Exception ex)
 												{
 													transaction.Rollback();
 													throw new InvalidOperationException("Failed to SetupApplicationUser in Database", ex);
 												}
 											}
 										}
 										private void ExecuteSql(string sql)
 										{
 											_db.ExecuteSql(sql);
 										}
 										private void CreateSchema()
 										{
-												Application User setup WIP

											
										
										
											2025-02-11 17:07:01 +01:00
+											var sql = $"CREATE SCHEMA IF NOT EXISTS {_command.Schema}";
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
+											ExecuteSql(sql);
 										}
 										private void CreateRole()
 										{
-												Application User setup WIP

											
										
										
											2025-02-11 17:07:01 +01:00
+											var sql = $@"
 															DO $$
 															BEGIN
 															   IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '{_command.User}') THEN
 																   CREATE ROLE {_command.User} WITH CREATEDB CREATEROLE LOGIN PASSWORD '{_command.Password}';
 															   END IF;
 															END $$;";
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
+											ExecuteSql(sql);
-												Application User setup WIP

											
										
										
											2025-02-11 17:07:01 +01:00
+											var sql1 = $"ALTER ROLE {_command.User} SET search_path='{_command.Schema}';";
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
+											ExecuteSql(sql1);
 										}
 										private void GrantSchemaRights()
 										{
-												Application User setup WIP

											
										
										
											2025-02-11 17:07:01 +01:00
+											// Grant USAGE og alle CREATE rettigheder på schema niveau
 											var sql = $@"
 														GRANT USAGE ON SCHEMA {_command.Schema} TO {_command.User};
 														GRANT ALL ON SCHEMA {_command.Schema} TO {_command.User};";
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
+											ExecuteSql(sql);
-												Application User setup WIP

											
										
										
											2025-02-11 17:07:01 +01:00
+											// Grant rettigheder på eksisterende og fremtidige tabeller
 											var sql1 = $"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA {_command.Schema} TO {_command.User};";
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
+											ExecuteSql(sql1);
-												Application User setup WIP

											
										
										
											2025-02-11 17:07:01 +01:00
+											var sql2 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT ALL PRIVILEGES ON TABLES TO {_command.User};";
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
+											ExecuteSql(sql2);
-												Application User setup WIP

											
										
										
											2025-02-11 17:07:01 +01:00
+											// Grant sequence rettigheder
 											var sql3 = $"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {_command.Schema} TO {_command.User};";
 											ExecuteSql(sql3);
 											// Grant execute på functions
 											var sql4 = $"GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA {_command.Schema} TO {_command.User};";
 											ExecuteSql(sql4);
 											// Grant for fremtidige functions
 											var sql5 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT EXECUTE ON FUNCTIONS TO {_command.User};";
 											ExecuteSql(sql5);
 											// Grant for fremtidige sequences
 											var sql6 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT USAGE ON SEQUENCES TO {_command.User};";
 											ExecuteSql(sql6);
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
+										}
-												Application User setup WIP

											
										
										
											2025-02-11 17:07:01 +01:00
-												wip

											
										
										
											2025-02-10 18:41:51 +01:00
+									}
 								}