A lot of works different areas... no plan

Database/Core/DCL/SetupDbAdmin.cs

@@ -0,0 +1,119 @@
+using System.Data;
+using Database.Common;
+using Insight.Database;
+
+namespace Database.Core.DCL
+{
+
+    /// <summary>
+    /// Only a superadmin or similar can create Application Users
+    /// </summary>
+    public class SetupDbAdmin : IDbConfigure<SetupDbAdmin.Command>
+    {
+        public class Command
+        {
+            public required string Schema { get; init; }
+            public required string User { get; init; }
+            public required string Password { get; init; }
+        }
+
+
+        IDbConnection _db;
+        Command _command;
+
+        public SetupDbAdmin(IDbConnection db)
+        {
+            _db = db;
+        }
+
+
+        public void With(Command command)
+        {
+            _command = command;
+
+            if (!Validations.IsValidSchemaName(_command.Schema))
+                throw new ArgumentException("Invalid schema name", _command.Schema);
+
+            using (var transaction = _db.OpenWithTransaction())
+            {
+                try
+                {
+                    CreateSchema();
+                    CreateRole();
+                    GrantSchemaRights();
+
+                    transaction.Commit();
+                }
+                catch (Exception ex)
+                {
+                    transaction.Rollback();
+                    throw new InvalidOperationException("Failed to SetupApplicationUser in Database", ex);
+                }
+            }
+
+        }
+        private void ExecuteSql(string sql)
+        {
+            _db.ExecuteSql(sql);
+        }
+
+        private void CreateSchema()
+        {
+            var sql = $"CREATE SCHEMA IF NOT EXISTS {_command.Schema}";
+            ExecuteSql(sql);
+        }
+
+        private void CreateRole()
+        {
+            var sql = $@"
+							DO $$ 
+							BEGIN
+							   IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '{_command.User}') THEN
+								   CREATE ROLE {_command.User} WITH CREATEDB CREATEROLE LOGIN PASSWORD '{_command.Password}';
+							   END IF;
+							END $$;";
+            ExecuteSql(sql);
+
+            var sql1 = $"ALTER ROLE {_command.User} SET search_path='{_command.Schema}';";
+            ExecuteSql(sql1);
+            
+            var sql2 = $"ALTER SCHEMA {_command.Schema} OWNER TO {_command.User};";
+            ExecuteSql(sql2);
+
+        }
+
+        private void GrantSchemaRights()
+        {
+            // Grant USAGE og alle CREATE rettigheder på schema niveau
+            //GRANT USAGE ON SCHEMA {_command.Schema} TO {_command.User};
+            var sql = $@"						
+						GRANT CREATE ON SCHEMA {_command.Schema} TO {_command.User};";
+
+            ExecuteSql(sql);
+
+            // Grant rettigheder på eksisterende og fremtidige tabeller
+            //var sql1 = $"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA {_command.Schema} TO {_command.User};";
+            //ExecuteSql(sql1);
+
+            //var sql2 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT ALL PRIVILEGES ON TABLES TO {_command.User};";
+            //ExecuteSql(sql2);
+
+            //// Grant sequence rettigheder
+            //var sql3 = $"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {_command.Schema} TO {_command.User};";
+            //ExecuteSql(sql3);
+
+            //// Grant execute på functions
+            //var sql4 = $"GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA {_command.Schema} TO {_command.User};";
+            //ExecuteSql(sql4);
+
+            //// Grant for fremtidige functions
+            //var sql5 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT EXECUTE ON FUNCTIONS TO {_command.User};";
+            //ExecuteSql(sql5);
+
+            //// Grant for fremtidige sequences
+            //var sql6 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT USAGE ON SEQUENCES TO {_command.User};";
+            //ExecuteSql(sql6);
+        }
+
+    }
+}