Janus007/PlanTempusApp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Application User setup WIP

Browse source
This commit is contained in:
Janus Knudsen 2025-02-11 17:07:01 +01:00
parent c83442b4af
commit cb6dd39596
16 changed files with 362 additions and 314 deletions
Download patch file Download diff file Expand all files Collapse all files

71
Database/Core/DCL/SetupApplicationUser.cs
View file

@ -2,35 +2,42 @@
using Database.Common;
using Insight.Database;
namespace Database.Core.DataControlLanguage
namespace Database.Core.DCL
{
/// <summary>
/// Only a superadmin or similar can create Application Users
/// </summary>
public class SetupApplicationUser
public class SetupApplicationUser : IDbConfigure<SetupApplicationUser.Command>
{
public class Command
{
public required string Schema { get; init; }
public required string User { get; init; }
public required string Password { get; init; }
}
IDbConnection _db;
string _schema;
string _user;
string _password;
Command _command;
public SetupApplicationUser(IDbConnection db)
{
_db = db;
}
public void CreateUserWithSchemaInDatabase(string schema, string user, string password)
public void Setup(string schema = null)
{
_schema = schema;
_password = password;
_user = user;
throw new NotImplementedException();
}
public void With(Command command)
{
_command = command;
if (!Validations.IsValidSchemaName(_schema))
throw new ArgumentException("Invalid schema name", _schema);
if (!Validations.IsValidSchemaName(_command.Schema))
throw new ArgumentException("Invalid schema name", _command.Schema);
using (var transaction = _db.BeginTransaction())
using (var transaction = _db.OpenWithTransaction())
{
try
{
@ -55,32 +62,56 @@ namespace Database.Core.DataControlLanguage
private void CreateSchema()
{
var sql = $"CREATE SCHEMA IF NOT EXISTS {_schema}";
var sql = $"CREATE SCHEMA IF NOT EXISTS {_command.Schema}";
ExecuteSql(sql);
}
private void CreateRole()
{
var sql = $"CREATE ROLE {_user} WITH CREATEDB CREATEROLE LOGIN PASSWORD '{_password}';";
var sql = $@"
DO $$
BEGIN
IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '{_command.User}') THEN
CREATE ROLE {_command.User} WITH CREATEDB CREATEROLE LOGIN PASSWORD '{_command.Password}';
END IF;
END $$;";
ExecuteSql(sql);
var sql1 = $"ALTER ROLE {_user} SET search_path='{_schema}';";
var sql1 = $"ALTER ROLE {_command.User} SET search_path='{_command.Schema}';";
ExecuteSql(sql1);
}
private void GrantSchemaRights()
{
var sql = $"GRANT USAGE ON SCHEMA {_schema} TO {_user};";
// Grant USAGE og alle CREATE rettigheder på schema niveau
var sql = $@"
GRANT USAGE ON SCHEMA {_command.Schema} TO {_command.User};
GRANT ALL ON SCHEMA {_command.Schema} TO {_command.User};";
ExecuteSql(sql);
var sql1 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_schema} " +
$"GRANT INSERT, SELECT, UPDATE PRIVILEGES ON TABLES TO {_user};";
// Grant rettigheder på eksisterende og fremtidige tabeller
var sql1 = $"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA {_command.Schema} TO {_command.User};";
ExecuteSql(sql1);
var sql2 = $"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {_schema} TO {_user};";
var sql2 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT ALL PRIVILEGES ON TABLES TO {_command.User};";
ExecuteSql(sql2);
// Grant sequence rettigheder
var sql3 = $"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {_command.Schema} TO {_command.User};";
ExecuteSql(sql3);
// Grant execute på functions
var sql4 = $"GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA {_command.Schema} TO {_command.User};";
ExecuteSql(sql4);
// Grant for fremtidige functions
var sql5 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT EXECUTE ON FUNCTIONS TO {_command.User};";
ExecuteSql(sql5);
// Grant for fremtidige sequences
var sql6 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT USAGE ON SEQUENCES TO {_command.User};";
ExecuteSql(sql6);
}
}
}

49
Database/Core/DCL/SetupOrganizationUser.cs
View file

@ -2,30 +2,33 @@
using Database.Common;
using Insight.Database;
namespace Database.Core.DataControlLanguage
namespace Database.Core.DCL
{
public class SetupOrganization
public class SetupOrganization : IDbConfigure<SetupOrganization.Command>
{
public class Command
{
public required string Schema { get; init; }
public required string User { get; init; }
public required string Password { get; init; }
}
IDbConnection _db;
string _schema;
string _user;
string _password;
Command _command;
public SetupOrganization(IDbConnection db)
{
_db = db;
}
public void CreateUserWithSchemaInDatabase(string schema, string user, string password)
public void With(Command command)
{
_schema = schema;
_password = password;
_user = user;
_command = command;
if (!Validations.IsValidSchemaName(_schema))
throw new ArgumentException("Invalid schema name", _schema);
if (!Validations.IsValidSchemaName(_command.Schema))
throw new ArgumentException("Invalid schema name", _command.Schema);
using (var transaction = _db.BeginTransaction())
{
@ -44,9 +47,6 @@ namespace Database.Core.DataControlLanguage
}
}
}
private void ExecuteSql(string sql)
{
@ -55,32 +55,39 @@ namespace Database.Core.DataControlLanguage
private void CreateSchema()
{
var sql = $"CREATE SCHEMA IF NOT EXISTS {_schema}";
var sql = $"CREATE SCHEMA IF NOT EXISTS {_command.Schema}";
ExecuteSql(sql);
}
private void CreateRole()
{
var sql = $"CREATE ROLE {_user} LOGIN PASSWORD '{_password}';";
var sql = $"CREATE ROLE {_command.User} LOGIN PASSWORD '{_command.Password}';";
ExecuteSql(sql);
var sql1 = $"ALTER ROLE {_user} SET search_path='{_schema}';";
var sql1 = $"ALTER ROLE {_command.User} SET search_path='{_command.Schema}';";
ExecuteSql(sql1);
}
private void GrantSchemaRights()
{
var sql = $"GRANT USAGE ON SCHEMA {_schema} TO {_user};";
var sql = $"GRANT USAGE ON SCHEMA {_command.Schema} TO {_command.User};";
ExecuteSql(sql);
var sql1 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_schema} " +
$"GRANT INSERT, SELECT, UPDATE PRIVILEGES ON TABLES TO {_user};";
var sql1 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} " +
$"GRANT INSERT, SELECT, UPDATE PRIVILEGES ON TABLES TO {_command.User};";
ExecuteSql(sql1);
var sql2 = $"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {_schema} TO {_user};";
var sql2 = $"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {_command.Schema} TO {_command.User};";
ExecuteSql(sql2);
var sql3 = $"GRANT CREATE TABLE ON SCHEMA {_command.Schema} TO {_command.User};";
ExecuteSql(sql3);
}
public void RevokeCreateTable()
{
var sql = $"REVOKE CREATE TABLE ON SCHEMA {_command.Schema} FROM {_command.User};";
ExecuteSql(sql);
}
}
}

179
Database/Core/DDL/SetupIdentitySystem.cs
View file

@ -1,67 +1,64 @@
using Insight.Database;
using System.Data;
namespace Database.Core.DataDefinitionLanguage
namespace Database.Core.DDL
{
public interface IDbSetup
{
void CreateSystem(string schema = null);
}
/// <summary>
/// This is by purpose not async await
/// It is intended that this is created with the correct Application User, which is why the schema name is omitted.
/// </summary>
public class SetupIdentitySystem : IDbConfigure<SetupIdentitySystem.Command>
{
public class Command { }
/// <summary>
/// This is by purpose not async await
/// </summary>
public class SetupIdentitySystem : IDbSetup
{
readonly IDbConnection _db;
IDbTransaction _transaction = null;
string _schema;
readonly IDbConnection _db;
IDbTransaction _transaction = null;
string _schema;
public SetupIdentitySystem(IDbConnection db)
{
_db = db;
}
public SetupIdentitySystem(IDbConnection db)
{
_db = db;
}
/// <summary>
/// Creates the system tables in the specified schema within a transaction.
/// </summary>
/// <param name="schema">The schema name where the tables will be created.</param>
public void CreateSystem(string schema = null)
{
/// <summary>
/// Creates the system tables in the specified schema within a transaction.
/// </summary>
/// <param name="schema">The schema name where the tables will be created.</param>
public void With(Command emptyByIntention)
{
using (_transaction = _db.BeginTransaction())
{
try
{
CreateUsersTable();
CreateTenantsTable();
CreateUserTenantsTable();
SetupRLS();
using (_transaction = _db.BeginTransaction())
{
try
{
CreateUsersTable();
CreateTenantsTable();
CreateUserTenantsTable();
SetupRLS();
_transaction.Commit();
}
catch (Exception ex)
{
_transaction.Rollback();
throw new InvalidOperationException("Failed to SetupIdentitySystem. Transaction is rolled back", ex);
}
}
}
private void ExecuteSql(string sql)
{
if (string.IsNullOrEmpty(sql))
throw new ArgumentNullException(nameof(sql));
_transaction.Commit();
}
catch (Exception ex)
{
_transaction.Rollback();
throw new InvalidOperationException("Failed to create system tables.", ex);
}
}
}
private void ExecuteSql(string sql)
{
if (string.IsNullOrEmpty(sql))
throw new ArgumentNullException(nameof(sql));
_db.ExecuteSql(sql);
}
_db.ExecuteSql(sql);
}
/// <summary>
/// Creates the users table
/// </summary>
public void CreateUsersTable()
{
var sql = @"
/// <summary>
/// Creates the users table
/// </summary>
public void CreateUsersTable()
{
var sql = @"
CREATE TABLE IF NOT EXISTS users (
id SERIAL PRIMARY KEY,
email VARCHAR(256) NOT NULL UNIQUE,
@ -76,16 +73,16 @@ namespace Database.Core.DataDefinitionLanguage
last_login_at TIMESTAMPTZ NULL
);";
ExecuteSql(sql);
ExecuteSql(sql);
}
}
/// <summary>
/// Creates the tenants table
/// </summary>
public void CreateTenantsTable()
{
var sql = @"
/// <summary>
/// Creates the tenants table
/// </summary>
public void CreateTenantsTable()
{
var sql = @"
CREATE TABLE IF NOT EXISTS tenants (
id SERIAL PRIMARY KEY,
connection_string VARCHAR(500) NOT NULL,
@ -94,16 +91,16 @@ namespace Database.Core.DataDefinitionLanguage
created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP
);";
ExecuteSql(sql);
ExecuteSql(sql);
}
}
/// <summary>
/// Creates the user_tenants table
/// </summary>
public void CreateUserTenantsTable()
{
var sql = @"
/// <summary>
/// Creates the user_tenants table
/// </summary>
public void CreateUserTenantsTable()
{
var sql = @"
CREATE TABLE IF NOT EXISTS user_tenants (
user_id INTEGER NOT NULL REFERENCES users(id),
tenant_id INTEGER NOT NULL REFERENCES tenants(id),
@ -112,37 +109,37 @@ namespace Database.Core.DataDefinitionLanguage
PRIMARY KEY (user_id, tenant_id)
);";
ExecuteSql(sql);
ExecuteSql(sql);
}
}
/// <summary>
/// Sets up Row Level Security (RLS) for the tenants and user_tenants tables.
/// </summary>
public void SetupRLS()
{
var sql = new[]
{
"ALTER TABLE tenants ENABLE ROW LEVEL SECURITY;",
"ALTER TABLE user_tenants ENABLE ROW LEVEL SECURITY;",
"DROP POLICY IF EXISTS tenant_access ON tenants;",
@"CREATE POLICY tenant_access ON tenants
/// <summary>
/// Sets up Row Level Security (RLS) for the tenants and user_tenants tables.
/// </summary>
public void SetupRLS()
{
var sql = new[]
{
"ALTER TABLE tenants ENABLE ROW LEVEL SECURITY;",
"ALTER TABLE user_tenants ENABLE ROW LEVEL SECURITY;",
"DROP POLICY IF EXISTS tenant_access ON tenants;",
@"CREATE POLICY tenant_access ON tenants
USING (id IN (
SELECT tenant_id
FROM user_tenants
WHERE user_id = current_setting('app.user_id', TRUE)::INTEGER
));",
"DROP POLICY IF EXISTS user_tenant_access ON user_tenants;",
@"CREATE POLICY user_tenant_access ON user_tenants
"DROP POLICY IF EXISTS user_tenant_access ON user_tenants;",
@"CREATE POLICY user_tenant_access ON user_tenants
USING (user_id = current_setting('app.user_id', TRUE)::INTEGER);"
};
};
foreach (var statement in sql)
{
ExecuteSql(statement);
}
}
foreach (var statement in sql)
{
ExecuteSql(statement);
}
}
}
}
}

7
Database/Core/IDbConfigure.cs Normal file
View file

@ -0,0 +1,7 @@
namespace Database.Core
{
public interface IDbConfigure<T>
{
void With(T command);
}
}