Janus007/PlanTempusApp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

A lot of works different areas... no plan

Browse source
This commit is contained in:
Janus C. H. Knudsen 2025-02-16 23:39:26 +01:00
parent 087f8ce0e9
commit 1aea1e894a
16 changed files with 1433 additions and 131 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Database/Core/DCL/SetupApplicationUser.cs
View file

@ -25,11 +25,7 @@ namespace Database.Core.DCL
{
_db = db;
}
public void Setup(string schema = null)
{
throw new NotImplementedException();
}
public void With(Command command)
{
_command = command;

119
Database/Core/DCL/SetupDbAdmin.cs Normal file
View file

@ -0,0 +1,119 @@
using System.Data;
using Database.Common;
using Insight.Database;
namespace Database.Core.DCL
{
/// <summary>
/// Only a superadmin or similar can create Application Users
/// </summary>
public class SetupDbAdmin : IDbConfigure<SetupDbAdmin.Command>
{
public class Command
{
public required string Schema { get; init; }
public required string User { get; init; }
public required string Password { get; init; }
}
IDbConnection _db;
Command _command;
public SetupDbAdmin(IDbConnection db)
{
_db = db;
}
public void With(Command command)
{
_command = command;
if (!Validations.IsValidSchemaName(_command.Schema))
throw new ArgumentException("Invalid schema name", _command.Schema);
using (var transaction = _db.OpenWithTransaction())
{
try
{
CreateSchema();
CreateRole();
GrantSchemaRights();
transaction.Commit();
}
catch (Exception ex)
{
transaction.Rollback();
throw new InvalidOperationException("Failed to SetupApplicationUser in Database", ex);
}
}
}
private void ExecuteSql(string sql)
{
_db.ExecuteSql(sql);
}
private void CreateSchema()
{
var sql = $"CREATE SCHEMA IF NOT EXISTS {_command.Schema}";
ExecuteSql(sql);
}
private void CreateRole()
{
var sql = $@"
DO $$
BEGIN
IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '{_command.User}') THEN
CREATE ROLE {_command.User} WITH CREATEDB CREATEROLE LOGIN PASSWORD '{_command.Password}';
END IF;
END $$;";
ExecuteSql(sql);
var sql1 = $"ALTER ROLE {_command.User} SET search_path='{_command.Schema}';";
ExecuteSql(sql1);
var sql2 = $"ALTER SCHEMA {_command.Schema} OWNER TO {_command.User};";
ExecuteSql(sql2);
}
private void GrantSchemaRights()
{
// Grant USAGE og alle CREATE rettigheder på schema niveau
//GRANT USAGE ON SCHEMA {_command.Schema} TO {_command.User};
var sql = $@"
GRANT CREATE ON SCHEMA {_command.Schema} TO {_command.User};";
ExecuteSql(sql);
// Grant rettigheder på eksisterende og fremtidige tabeller
//var sql1 = $"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA {_command.Schema} TO {_command.User};";
//ExecuteSql(sql1);
//var sql2 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT ALL PRIVILEGES ON TABLES TO {_command.User};";
//ExecuteSql(sql2);
//// Grant sequence rettigheder
//var sql3 = $"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {_command.Schema} TO {_command.User};";
//ExecuteSql(sql3);
//// Grant execute på functions
//var sql4 = $"GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA {_command.Schema} TO {_command.User};";
//ExecuteSql(sql4);
//// Grant for fremtidige functions
//var sql5 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT EXECUTE ON FUNCTIONS TO {_command.User};";
//ExecuteSql(sql5);
//// Grant for fremtidige sequences
//var sql6 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT USAGE ON SEQUENCES TO {_command.User};";
//ExecuteSql(sql6);
}
}
}

197
Database/Core/DDL/SetupIdentitySystem.cs
View file

@ -3,63 +3,68 @@ using System.Data;
namespace Database.Core.DDL
{
/// <summary>
/// This is by purpose not async await
/// It is intended that this is created with the correct Application User, which is why the schema name is omitted.
/// </summary>
public class SetupIdentitySystem : IDbConfigure<SetupIdentitySystem.Command>
{
public class Command { }
/// <summary>
/// This is by purpose not async await
/// It is intended that this is created with the correct Application User, which is why the schema name is omitted.
/// </summary>
public class SetupIdentitySystem : IDbConfigure<SetupIdentitySystem.Command>
{
public class Command
{
public required string Schema { get; init; }
}
readonly IDbConnection _db;
IDbTransaction _transaction = null;
string _schema;
readonly IDbConnection _db;
IDbTransaction _transaction = null;
Command _command;
public SetupIdentitySystem(IDbConnection db)
{
_db = db;
}
public SetupIdentitySystem(IDbConnection db)
{
_db = db;
}
/// <summary>
/// Creates the system tables in the specified schema within a transaction.
/// </summary>
/// <param name="schema">The schema name where the tables will be created.</param>
public void With(Command emptyByIntention)
{
using (_transaction = _db.OpenWithTransaction())
{
try
{
CreateUsersTable();
CreateOrganizationsTable();
CreateUserOrganizationsTable();
SetupRLS();
/// <summary>
/// Creates the system tables in the specified schema within a transaction.
/// </summary>
/// <param name="schema">The schema name where the tables will be created.</param>
public void With(Command command)
{
_command = command;
_transaction.Commit();
}
catch (Exception ex)
{
_transaction.Rollback();
throw new InvalidOperationException("Failed to SetupIdentitySystem. Transaction is rolled back", ex);
}
}
}
private void ExecuteSql(string sql)
{
if (string.IsNullOrEmpty(sql))
throw new ArgumentNullException(nameof(sql));
using (_transaction = _db.OpenWithTransaction())
{
try
{
CreateUsersTable();
CreateOrganizationsTable();
CreateUserOrganizationsTable();
SetupRLS();
_db.ExecuteSql(sql);
}
_transaction.Commit();
}
catch (Exception ex)
{
_transaction.Rollback();
throw new InvalidOperationException("Failed to SetupIdentitySystem. Transaction is rolled back", ex);
}
}
}
private void ExecuteSql(string sql)
{
if (string.IsNullOrEmpty(sql))
throw new ArgumentNullException(nameof(sql));
_db.ExecuteSql(sql);
}
/// <summary>
/// Creates the users table
/// </summary>
void CreateUsersTable()
{
var sql = @"
CREATE TABLE IF NOT EXISTS users (
/// <summary>
/// Creates the users table
/// </summary>
void CreateUsersTable()
{
var sql = @$"
CREATE TABLE IF NOT EXISTS {_command.Schema}.users (
id SERIAL PRIMARY KEY,
email VARCHAR(256) NOT NULL UNIQUE,
password_hash VARCHAR(256) NOT NULL,
@ -73,73 +78,73 @@ namespace Database.Core.DDL
last_login_at TIMESTAMPTZ NULL
);";
ExecuteSql(sql);
ExecuteSql(sql);
}
}
/// <summary>
/// Creates the organizations table
/// </summary>
void CreateOrganizationsTable()
{
var sql = @"
CREATE TABLE IF NOT EXISTS organizations (
/// <summary>
/// Creates the organizations table
/// </summary>
void CreateOrganizationsTable()
{
var sql = @$"
CREATE TABLE IF NOT EXISTS {_command.Schema}.organizations (
id SERIAL PRIMARY KEY,
connection_string VARCHAR(500) NOT NULL,
is_active BOOLEAN NOT NULL DEFAULT TRUE,
created_by INTEGER NOT NULL REFERENCES users(id),
created_by INTEGER NOT NULL REFERENCES {_command.Schema}.users(id),
created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP
);";
ExecuteSql(sql);
ExecuteSql(sql);
}
}
/// <summary>
/// Creates the user_organizations table
/// </summary>
void CreateUserOrganizationsTable()
{
var sql = @"
CREATE TABLE IF NOT EXISTS user_organizations (
user_id INTEGER NOT NULL REFERENCES users(id),
organization_id INTEGER NOT NULL REFERENCES organizations(id),
/// <summary>
/// Creates the user_organizations table
/// </summary>
void CreateUserOrganizationsTable()
{
var sql = @$"
CREATE TABLE IF NOT EXISTS {_command.Schema}.user_organizations (
user_id INTEGER NOT NULL REFERENCES {_command.Schema}.users(id),
organization_id INTEGER NOT NULL REFERENCES {_command.Schema}.organizations(id),
pin_code VARCHAR(10) NULL,
created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (user_id, organization_id)
);";
ExecuteSql(sql);
ExecuteSql(sql);
}
}
/// <summary>
/// Sets up Row Level Security (RLS) for the organizations and user_organizations tables.
/// </summary>
void SetupRLS()
{
var sql = new[]
{
"ALTER TABLE organizations ENABLE ROW LEVEL SECURITY;",
"ALTER TABLE user_organizations ENABLE ROW LEVEL SECURITY;",
"DROP POLICY IF EXISTS organization_access ON organizations;",
@"CREATE POLICY organization_access ON organizations
/// <summary>
/// Sets up Row Level Security (RLS) for the organizations and user_organizations tables.
/// </summary>
void SetupRLS()
{
var sql = new[]
{
$"ALTER TABLE {_command.Schema}.organizations ENABLE ROW LEVEL SECURITY;",
$"ALTER TABLE {_command.Schema}.user_organizations ENABLE ROW LEVEL SECURITY;",
$"DROP POLICY IF EXISTS organization_access ON {_command.Schema}.organizations;",
@$"CREATE POLICY organization_access ON {_command.Schema}.organizations
USING (id IN (
SELECT organization_id
FROM user_organizations
FROM {_command.Schema}.user_organizations
WHERE user_id = current_setting('app.user_id', TRUE)::INTEGER
));",
"DROP POLICY IF EXISTS user_organization_access ON user_organizations;",
@"CREATE POLICY user_organization_access ON user_organizations
USING (user_id = current_setting('app.user_id', TRUE)::INTEGER);"
};
)) WITH CHECK (true);",
$"DROP POLICY IF EXISTS user_organization_access ON {_command.Schema}.user_organizations;",
@$"CREATE POLICY user_organization_access ON {_command.Schema}.user_organizations
USING (user_id = current_setting('app.user_id', TRUE)::INTEGER) WITH CHECK (true);"
};
foreach (var statement in sql)
{
ExecuteSql(statement);
}
}
foreach (var statement in sql)
{
ExecuteSql(statement);
}
}
}
}
}