PlanTempusApp/Database/Core/DCL/SetupApplicationUser.cs

using System.Data;
using Database.Common;
using Insight.Database;

namespace Database.Core.DCL
{

	/// <summary>
	/// Only a superadmin or similar can create Application Users
	/// </summary>
	public class SetupApplicationUser : IDbConfigure<SetupApplicationUser.Command>
	{
		public class Command
		{
			public required string Schema { get; init; }
			public required string User { get; init; }
			public required string Password { get; init; }
		}


		IDbConnection _db;
		Command _command;

		public SetupApplicationUser(IDbConnection db)
		{
			_db = db;
		}
		
		public void Setup(string schema = null)
		{
			throw new NotImplementedException();
		}
		public void With(Command command)
		{
			_command = command;

			if (!Validations.IsValidSchemaName(_command.Schema))
				throw new ArgumentException("Invalid schema name", _command.Schema);

			using (var transaction = _db.OpenWithTransaction())
			{
				try
				{
					CreateSchema();
					CreateRole();
					GrantSchemaRights();

					transaction.Commit();
				}
				catch (Exception ex)
				{
					transaction.Rollback();
					throw new InvalidOperationException("Failed to SetupApplicationUser in Database", ex);
				}
			}

		}
		private void ExecuteSql(string sql)
		{
			_db.ExecuteSql(sql);
		}

		private void CreateSchema()
		{
			var sql = $"CREATE SCHEMA IF NOT EXISTS {_command.Schema}";
			ExecuteSql(sql);
		}

		private void CreateRole()
		{
			var sql = $@"
							DO $$ 
							BEGIN
							   IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '{_command.User}') THEN
								   CREATE ROLE {_command.User} WITH CREATEDB CREATEROLE LOGIN PASSWORD '{_command.Password}';
							   END IF;
							END $$;";
			ExecuteSql(sql);

			var sql1 = $"ALTER ROLE {_command.User} SET search_path='{_command.Schema}';";
			ExecuteSql(sql1);
		}

		private void GrantSchemaRights()
		{
			// Grant USAGE og alle CREATE rettigheder på schema niveau
			var sql = $@"
						GRANT USAGE ON SCHEMA {_command.Schema} TO {_command.User};
						GRANT ALL ON SCHEMA {_command.Schema} TO {_command.User};";
			ExecuteSql(sql);

			// Grant rettigheder på eksisterende og fremtidige tabeller
			var sql1 = $"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA {_command.Schema} TO {_command.User};";
			ExecuteSql(sql1);

			var sql2 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT ALL PRIVILEGES ON TABLES TO {_command.User};";
			ExecuteSql(sql2);

			// Grant sequence rettigheder
			var sql3 = $"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {_command.Schema} TO {_command.User};";
			ExecuteSql(sql3);

			// Grant execute på functions
			var sql4 = $"GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA {_command.Schema} TO {_command.User};";
			ExecuteSql(sql4);

			// Grant for fremtidige functions
			var sql5 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT EXECUTE ON FUNCTIONS TO {_command.User};";
			ExecuteSql(sql5);

			// Grant for fremtidige sequences
			var sql6 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT USAGE ON SEQUENCES TO {_command.User};";
			ExecuteSql(sql6);
		}

	}
}