Application User setup WIP
This commit is contained in:
parent
c83442b4af
commit
cb6dd39596
16 changed files with 362 additions and 314 deletions
|
|
@ -2,35 +2,42 @@
|
|||
using Database.Common;
|
||||
using Insight.Database;
|
||||
|
||||
namespace Database.Core.DataControlLanguage
|
||||
namespace Database.Core.DCL
|
||||
{
|
||||
|
||||
/// <summary>
|
||||
/// Only a superadmin or similar can create Application Users
|
||||
/// </summary>
|
||||
public class SetupApplicationUser
|
||||
public class SetupApplicationUser : IDbConfigure<SetupApplicationUser.Command>
|
||||
{
|
||||
public class Command
|
||||
{
|
||||
public required string Schema { get; init; }
|
||||
public required string User { get; init; }
|
||||
public required string Password { get; init; }
|
||||
}
|
||||
|
||||
|
||||
IDbConnection _db;
|
||||
string _schema;
|
||||
string _user;
|
||||
string _password;
|
||||
Command _command;
|
||||
|
||||
public SetupApplicationUser(IDbConnection db)
|
||||
{
|
||||
_db = db;
|
||||
}
|
||||
|
||||
public void CreateUserWithSchemaInDatabase(string schema, string user, string password)
|
||||
public void Setup(string schema = null)
|
||||
{
|
||||
_schema = schema;
|
||||
_password = password;
|
||||
_user = user;
|
||||
throw new NotImplementedException();
|
||||
}
|
||||
public void With(Command command)
|
||||
{
|
||||
_command = command;
|
||||
|
||||
if (!Validations.IsValidSchemaName(_schema))
|
||||
throw new ArgumentException("Invalid schema name", _schema);
|
||||
if (!Validations.IsValidSchemaName(_command.Schema))
|
||||
throw new ArgumentException("Invalid schema name", _command.Schema);
|
||||
|
||||
using (var transaction = _db.BeginTransaction())
|
||||
using (var transaction = _db.OpenWithTransaction())
|
||||
{
|
||||
try
|
||||
{
|
||||
|
|
@ -55,32 +62,56 @@ namespace Database.Core.DataControlLanguage
|
|||
|
||||
private void CreateSchema()
|
||||
{
|
||||
var sql = $"CREATE SCHEMA IF NOT EXISTS {_schema}";
|
||||
var sql = $"CREATE SCHEMA IF NOT EXISTS {_command.Schema}";
|
||||
ExecuteSql(sql);
|
||||
}
|
||||
|
||||
private void CreateRole()
|
||||
{
|
||||
var sql = $"CREATE ROLE {_user} WITH CREATEDB CREATEROLE LOGIN PASSWORD '{_password}';";
|
||||
var sql = $@"
|
||||
DO $$
|
||||
BEGIN
|
||||
IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '{_command.User}') THEN
|
||||
CREATE ROLE {_command.User} WITH CREATEDB CREATEROLE LOGIN PASSWORD '{_command.Password}';
|
||||
END IF;
|
||||
END $$;";
|
||||
ExecuteSql(sql);
|
||||
|
||||
var sql1 = $"ALTER ROLE {_user} SET search_path='{_schema}';";
|
||||
var sql1 = $"ALTER ROLE {_command.User} SET search_path='{_command.Schema}';";
|
||||
ExecuteSql(sql1);
|
||||
|
||||
}
|
||||
|
||||
private void GrantSchemaRights()
|
||||
{
|
||||
var sql = $"GRANT USAGE ON SCHEMA {_schema} TO {_user};";
|
||||
// Grant USAGE og alle CREATE rettigheder på schema niveau
|
||||
var sql = $@"
|
||||
GRANT USAGE ON SCHEMA {_command.Schema} TO {_command.User};
|
||||
GRANT ALL ON SCHEMA {_command.Schema} TO {_command.User};";
|
||||
ExecuteSql(sql);
|
||||
|
||||
var sql1 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_schema} " +
|
||||
$"GRANT INSERT, SELECT, UPDATE PRIVILEGES ON TABLES TO {_user};";
|
||||
// Grant rettigheder på eksisterende og fremtidige tabeller
|
||||
var sql1 = $"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA {_command.Schema} TO {_command.User};";
|
||||
ExecuteSql(sql1);
|
||||
|
||||
var sql2 = $"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {_schema} TO {_user};";
|
||||
var sql2 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT ALL PRIVILEGES ON TABLES TO {_command.User};";
|
||||
ExecuteSql(sql2);
|
||||
|
||||
// Grant sequence rettigheder
|
||||
var sql3 = $"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {_command.Schema} TO {_command.User};";
|
||||
ExecuteSql(sql3);
|
||||
|
||||
// Grant execute på functions
|
||||
var sql4 = $"GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA {_command.Schema} TO {_command.User};";
|
||||
ExecuteSql(sql4);
|
||||
|
||||
// Grant for fremtidige functions
|
||||
var sql5 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT EXECUTE ON FUNCTIONS TO {_command.User};";
|
||||
ExecuteSql(sql5);
|
||||
|
||||
// Grant for fremtidige sequences
|
||||
var sql6 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} GRANT USAGE ON SEQUENCES TO {_command.User};";
|
||||
ExecuteSql(sql6);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,30 +2,33 @@
|
|||
using Database.Common;
|
||||
using Insight.Database;
|
||||
|
||||
namespace Database.Core.DataControlLanguage
|
||||
namespace Database.Core.DCL
|
||||
{
|
||||
public class SetupOrganization
|
||||
public class SetupOrganization : IDbConfigure<SetupOrganization.Command>
|
||||
{
|
||||
public class Command
|
||||
{
|
||||
public required string Schema { get; init; }
|
||||
public required string User { get; init; }
|
||||
public required string Password { get; init; }
|
||||
}
|
||||
|
||||
IDbConnection _db;
|
||||
string _schema;
|
||||
string _user;
|
||||
string _password;
|
||||
Command _command;
|
||||
|
||||
public SetupOrganization(IDbConnection db)
|
||||
{
|
||||
_db = db;
|
||||
}
|
||||
|
||||
public void CreateUserWithSchemaInDatabase(string schema, string user, string password)
|
||||
public void With(Command command)
|
||||
{
|
||||
|
||||
_schema = schema;
|
||||
_password = password;
|
||||
_user = user;
|
||||
_command = command;
|
||||
|
||||
if (!Validations.IsValidSchemaName(_schema))
|
||||
throw new ArgumentException("Invalid schema name", _schema);
|
||||
|
||||
if (!Validations.IsValidSchemaName(_command.Schema))
|
||||
throw new ArgumentException("Invalid schema name", _command.Schema);
|
||||
|
||||
using (var transaction = _db.BeginTransaction())
|
||||
{
|
||||
|
|
@ -44,9 +47,6 @@ namespace Database.Core.DataControlLanguage
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
private void ExecuteSql(string sql)
|
||||
{
|
||||
|
|
@ -55,32 +55,39 @@ namespace Database.Core.DataControlLanguage
|
|||
|
||||
private void CreateSchema()
|
||||
{
|
||||
var sql = $"CREATE SCHEMA IF NOT EXISTS {_schema}";
|
||||
var sql = $"CREATE SCHEMA IF NOT EXISTS {_command.Schema}";
|
||||
ExecuteSql(sql);
|
||||
}
|
||||
|
||||
private void CreateRole()
|
||||
{
|
||||
var sql = $"CREATE ROLE {_user} LOGIN PASSWORD '{_password}';";
|
||||
var sql = $"CREATE ROLE {_command.User} LOGIN PASSWORD '{_command.Password}';";
|
||||
ExecuteSql(sql);
|
||||
|
||||
var sql1 = $"ALTER ROLE {_user} SET search_path='{_schema}';";
|
||||
var sql1 = $"ALTER ROLE {_command.User} SET search_path='{_command.Schema}';";
|
||||
ExecuteSql(sql1);
|
||||
|
||||
}
|
||||
|
||||
private void GrantSchemaRights()
|
||||
{
|
||||
var sql = $"GRANT USAGE ON SCHEMA {_schema} TO {_user};";
|
||||
var sql = $"GRANT USAGE ON SCHEMA {_command.Schema} TO {_command.User};";
|
||||
ExecuteSql(sql);
|
||||
|
||||
var sql1 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_schema} " +
|
||||
$"GRANT INSERT, SELECT, UPDATE PRIVILEGES ON TABLES TO {_user};";
|
||||
var sql1 = $"ALTER DEFAULT PRIVILEGES IN SCHEMA {_command.Schema} " +
|
||||
$"GRANT INSERT, SELECT, UPDATE PRIVILEGES ON TABLES TO {_command.User};";
|
||||
ExecuteSql(sql1);
|
||||
|
||||
var sql2 = $"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {_schema} TO {_user};";
|
||||
var sql2 = $"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {_command.Schema} TO {_command.User};";
|
||||
ExecuteSql(sql2);
|
||||
|
||||
var sql3 = $"GRANT CREATE TABLE ON SCHEMA {_command.Schema} TO {_command.User};";
|
||||
ExecuteSql(sql3);
|
||||
}
|
||||
public void RevokeCreateTable()
|
||||
{
|
||||
var sql = $"REVOKE CREATE TABLE ON SCHEMA {_command.Schema} FROM {_command.User};";
|
||||
ExecuteSql(sql);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue