Merge pull request #14 from recogito/develop

Merge develop into main for release
recogito · Mar 11, 2024 · b462ab7 · b462ab7
2 parents 79ece75 + 0226e1e
commit b462ab7
Show file tree

Hide file tree

Showing 25 changed files with 745 additions and 70 deletions.
diff --git a/SQL Scripts/functions/check_for_project_open_edit_change.sql b/SQL Scripts/functions/check_for_project_open_edit_change.sql
@@ -0,0 +1,45 @@
+
+CREATE
+OR REPLACE FUNCTION check_for_project_open_edit_change () RETURNS TRIGGER AS $$
+DECLARE
+  _is_project_default BOOLEAN;  
+  _is_open_edit BOOLEAN;
+  _record RECORD;
+  _layer_record RECORD;
+  _context_id uuid;
+  _layer_group_id uuid;
+  _project_group_id uuid;
+  _id uuid;
+BEGIN
+  -- See project has changed to open edit
+  IF OLD.is_open_edit IS FALSE AND NEW.is_open_edit IS TRUE THEN
+    -- Get the default context
+    SELECT c.id INTO _context_id FROM public.contexts c WHERE c.project_id = NEW.id AND c.is_project_default IS TRUE;
+
+    -- RAISE LOG 'Found default context: %', _context_id; 
+
+    FOR _layer_record IN SELECT * FROM public.layers l
+      INNER JOIN public.layer_contexts lc ON lc.context_id = _context_id AND l.project_id = OLD.id
+    LOOP
+
+      -- Get the layer group
+      SELECT lg.id INTO _layer_group_id FROM public.layer_groups lg WHERE lg.layer_id = _layer_record.id and is_default IS TRUE;
+      -- RAISE LOG 'Found layer_group: %', _layer_group_id; 
+
+      -- Get the project group
+      SELECT pg.id INTO _project_group_id FROM public.project_groups pg WHERE pg.project_id = NEW.id AND is_default IS TRUE;
+      -- RAISE LOG 'Found project_group: %', _project_group_id; 
+
+      -- Add all project members to default layer group
+      FOR _record IN SELECT * FROM public.group_users WHERE group_type = 'project' AND type_id = _project_group_id
+      LOOP
+          -- RAISE LOG 'Adding % to layer group', _record.user_id; 
+          INSERT INTO public.group_users (group_type, user_id, type_id)
+          VALUES ('layer',_record.user_id, _layer_group_id);
+      END LOOP; 
+    END LOOP;   
+  END IF;
+
+  RETURN NEW;
+END
+$$ LANGUAGE PLPGSQL SECURITY DEFINER;
diff --git a/SQL Scripts/functions/check_group_users_for_open_edit.sql b/SQL Scripts/functions/check_group_users_for_open_edit.sql
@@ -0,0 +1,38 @@
+CREATE
+OR REPLACE FUNCTION check_group_user_for_open_edit () RETURNS TRIGGER AS $$
+DECLARE
+  _project_id uuid;
+  _is_default_group BOOLEAN;
+  _context_id uuid;
+  _is_open_edit BOOLEAN;
+  _record RECORD;
+  _layer_group_id uuid;
+BEGIN
+  -- Is this a project group?
+  IF NEW.group_type = 'project' THEN
+    -- Get the project group
+    SELECT g.is_default, g.project_id INTO _is_default_group, _project_id FROM public.project_groups g WHERE g.id = NEW.type_id;
+
+    -- Get the project
+    SELECT is_open_edit INTO _is_open_edit FROM public.projects p WHERE p.id = _project_id;
+
+    -- Is this a new member of the default group of an open edit project
+    IF _is_open_edit AND _is_default_group THEN
+
+      -- Get the default context
+      SELECT c.id INTO _context_id FROM public.contexts c WHERE c.project_id = _project_id AND c.is_project_default IS TRUE;
+
+      -- Iterate all of the layers and add the users
+      FOR _record IN SELECT * from public.layer_contexts l WHERE l.context_id = _context_id LOOP
+
+        -- Get the layer group
+        SELECT (id) INTO _layer_group_id FROM public.layer_groups g WHERE g.layer_id = _record.layer_id and g.is_default IS TRUE;
+
+        INSERT INTO public.group_users (group_type, user_id, type_id)
+        VALUES ('layer',NEW.user_id, _layer_group_id);
+      END LOOP; 
+    END IF;
+  END IF;
+  RETURN NEW;
+END
+$$ LANGUAGE PLPGSQL SECURITY DEFINER;
diff --git a/SQL Scripts/functions/check_layer_context_for_open_edit.sql b/SQL Scripts/functions/check_layer_context_for_open_edit.sql
@@ -0,0 +1,34 @@
+CREATE
+OR REPLACE FUNCTION check_layer_context_for_open_edit () RETURNS TRIGGER AS $$
+DECLARE
+  _project_id uuid;
+  _context_name VARCHAR;
+  _is_project_default BOOLEAN;  
+  _is_open_edit BOOLEAN;
+  _record RECORD;
+  _project_group_id uuid;
+  _layer_group_id uuid;
+  _id uuid;
+BEGIN
+  -- See if the layer is in the default context on an open edit project
+  SELECT c.project_id, c.name, c.is_project_default INTO _project_id, _context_name, _is_project_default FROM public.contexts c WHERE c.id = NEW.context_id;
+  SELECT is_open_edit INTO _is_open_edit FROM public.projects p WHERE p.id = _project_id;
+
+  IF _is_open_edit AND _is_project_default IS TRUE THEN
+    -- Get the project group
+    SELECT (id) INTO _project_group_id FROM public.project_groups WHERE project_id = _project_id and is_default = TRUE;
+
+    -- Get the layer group
+    SELECT (id) INTO _layer_group_id FROM public.layer_groups WHERE layer_id = NEW.layer_id and is_default IS TRUE;
+
+    -- Add all project members to default layer group
+    FOR _record IN SELECT * FROM public.group_users WHERE group_type = 'project' AND type_id = _project_group_id
+    LOOP
+        INSERT INTO public.group_users (group_type, user_id, type_id)
+        VALUES ('layer',_record.user_id, _layer_group_id);
+    END LOOP; 
+  END IF;
+
+  RETURN NEW;
+END
+$$ LANGUAGE PLPGSQL SECURITY DEFINER;
diff --git a/SQL Scripts/functions/create_project_rpc.sql b/SQL Scripts/functions/create_project_rpc.sql
@@ -0,0 +1,27 @@
+CREATE
+OR REPLACE FUNCTION create_project_rpc (
+    _name VARCHAR,
+    _description VARCHAR,
+    _is_open_join BOOLEAN,
+    _is_open_edit BOOLEAN
+) RETURNS SETOF public.projects AS $body$
+DECLARE
+    _project_id uuid := gen_random_uuid();    -- The id of the new project
+    _context_id uuid := gen_random_uuid();    -- The id of the default context
+    _default_context_definition_id uuid;
+BEGIN
+    IF NOT check_action_policy_organization(auth.uid(), 'projects', 'INSERT') THEN
+        RETURN;
+    END IF;    
+
+    INSERT INTO public.projects (id, created_by, created_at, name, description, is_open_join, is_open_edit) VALUES (_project_id, auth.uid(), NOW(), _name, _description, _is_open_join, _is_open_edit);
+
+    INSERT INTO public.contexts (id, created_by, created_at, project_id, is_project_default) VALUES (_context_id, auth.uid(), NOW(), _project_id, TRUE);
+
+    SELECT (id) INTO _default_context_definition_id FROM public.tag_definitions t WHERE t.scope = 'system' AND t.name = 'DEFAULT_CONTEXT';
+
+    INSERT INTO public.tags (created_by, created_at, tag_definition_id, target_id) VALUES (auth.uid(), NOW(), _default_context_definition_id, _context_id);    
+
+    RETURN QUERY SELECT * FROM public.projects WHERE id = _project_id;
+END
+$body$ LANGUAGE plpgsql SECURITY DEFINER;
diff --git a/SQL Scripts/functions/is_open_edit_join_from_context_rpc.sql b/SQL Scripts/functions/is_open_edit_join_from_context_rpc.sql
@@ -0,0 +1,21 @@
+CREATE
+OR REPLACE FUNCTION is_open_edit_join_from_context_rpc (_context_id UUID) RETURNS uuid AS $body$
+DECLARE
+  _project_id   uuid;
+BEGIN
+
+
+    -- They at least have to be authenticated
+    IF NOT check_action_policy_organization(auth.uid(), 'documents', 'SELECT') THEN
+        RETURN NULL;
+    END IF;    
+
+    SELECT p.id INTO _project_id FROM public.projects p 
+      INNER JOIN public.contexts c ON c.id = _context_id
+      WHERE p.is_open_join IS TRUE AND p.is_open_edit IS TRUE AND c.project_id = p.id;
+
+    RAISE log 'Project ID: %', _project_id;
+    RETURN _project_id;
+
+END
+$body$ LANGUAGE plpgsql SECURITY DEFINER;
diff --git a/SQL Scripts/functions/join_project_rpc.sql b/SQL Scripts/functions/join_project_rpc.sql
@@ -0,0 +1,25 @@
+CREATE
+OR REPLACE FUNCTION join_project_rpc (_project_id UUID) RETURNS BOOLEAN AS $body$
+DECLARE
+  _is_open_join BOOLEAN;
+  _project_group_id uuid;
+BEGIN
+
+
+    SELECT (is_open_join) INTO _is_open_join FROM public.projects WHERE id = _project_id;
+
+    -- They at least have to be authenticated
+    IF NOT check_action_policy_organization(auth.uid(), 'documents', 'SELECT') OR _is_open_join IS FALSE THEN
+        RETURN FALSE;
+    END IF;    
+
+    SELECT (id) INTO _project_group_id FROM public.project_groups WHERE project_id = _project_id AND is_default IS TRUE;
+
+    INSERT INTO public.group_users
+      (group_type, user_id, type_id)
+      VALUES 
+      ('project', auth.uid(), _project_group_id);
+
+    RETURN TRUE;
+END
+$body$ LANGUAGE plpgsql SECURITY DEFINER;
diff --git a/SQL Scripts/functions/leave_project_rpc.sql b/SQL Scripts/functions/leave_project_rpc.sql
@@ -0,0 +1,28 @@
+CREATE
+OR REPLACE FUNCTION leave_project_rpc (_project_id UUID) RETURNS BOOLEAN AS $body$
+DECLARE
+  _project_group_id uuid;
+  _group_user_id uuid;
+BEGIN
+
+
+    -- They at least have to be authenticated
+    IF NOT check_action_policy_organization(auth.uid(), 'documents', 'SELECT') THEN
+        RETURN FALSE;
+    END IF;    
+
+    SELECT (id) INTO _project_group_id FROM public.project_groups WHERE project_id = _project_id AND is_default IS TRUE;
+
+    SELECT gu.id INTO _group_user_id FROM public.group_users gu 
+      INNER JOIN public.project_groups pg ON pg.project_id = _project_id 
+      WHERE gu.type_id = pg.id AND gu.user_id = auth.uid();
+
+    IF _group_user_id IS NOT NULL THEN
+      DELETE FROM public.group_users WHERE id = _group_user_id;
+    ELSE 
+      RETURN FALSE;
+    END IF;
+
+    RETURN TRUE;
+END
+$body$ LANGUAGE plpgsql SECURITY DEFINER;
diff --git a/SQL Scripts/helpful-stuff/change-all-users-to-org-admin.sql b/SQL Scripts/helpful-stuff/change-all-users-to-org-admin.sql
@@ -0,0 +1,9 @@
+DO $$
+DECLARE
+  t_row public.group_users % rowtype;
+BEGIN
+  FOR t_row IN SELECT * FROM public.group_users c WHERE c.group_type = 'organization' LOOP
+    UPDATE public.group_users SET type_id = '350abe76-937b-4a9b-9600-9b1f856db250' WHERE id = t_row.id; 
+  END LOOP;
+END
+$$
diff --git a/SQL Scripts/helpful-stuff/change-all-users-to-org-profs.sql b/SQL Scripts/helpful-stuff/change-all-users-to-org-profs.sql
@@ -0,0 +1,9 @@
+DO $$
+DECLARE
+  t_row public.group_users % rowtype;
+BEGIN
+  FOR t_row IN SELECT * FROM public.group_users c WHERE c.group_type = 'organization' LOOP
+    UPDATE public.group_users SET type_id = 'f918b2f8-f587-4ee1-9f2d-35b3aed0b1e6' WHERE id = t_row.id; 
+  END LOOP;
+END
+$$
diff --git a/SQL Scripts/helpful-stuff/mark-default-contexts.sql b/SQL Scripts/helpful-stuff/mark-default-contexts.sql
@@ -0,0 +1,9 @@
+DO $$
+DECLARE
+  t_row public.contexts % rowtype;
+BEGIN
+  FOR t_row IN SELECT * FROM public.contexts c WHERE c.name IS NULL  LOOP
+    UPDATE public.contexts SET is_project_default = TRUE WHERE id = t_row.id; 
+  END LOOP;
+END
+$$
diff --git a/SQL Scripts/policies/collections.sql b/SQL Scripts/policies/collections.sql
@@ -2,6 +2,7 @@ DROP POLICY IF EXISTS "Users with correct policies can SELECT on collections" ON
 
 CREATE POLICY "Users with correct policies can SELECT on collections" ON public.collections FOR SELECT TO authenticated
     USING (
+        is_archived IS FALSE AND
         public.check_action_policy_organization(auth.uid(), 'collections', 'SELECT')
     );
 

diff --git a/SQL Scripts/policies/project_groups.sql b/SQL Scripts/policies/project_groups.sql
@@ -1,30 +1,79 @@
 DROP POLICY IF EXISTS "Users with correct policies can SELECT on project_groups" ON public.project_groups;
 
-CREATE POLICY "Users with correct policies can SELECT on project_groups" ON public.project_groups FOR SELECT TO authenticated
-    USING (
-        is_archived IS FALSE AND
-        (public.check_action_policy_organization(auth.uid(), 'project_groups', 'SELECT') OR
-         public.check_action_policy_project(auth.uid(), 'project_groups', 'SELECT', project_id))
+CREATE POLICY "Users with correct policies can SELECT on project_groups" ON public.project_groups FOR
+SELECT
+    TO authenticated USING (
+        (
+            is_archived IS FALSE
+            AND EXISTS (
+                SELECT
+                    1
+                FROM
+                    public.projects
+                WHERE
+                    id = project_id
+                    AND is_open_join IS TRUE
+            )
+        )
+        OR (
+            is_archived IS FALSE
+            AND (
+                public.check_action_policy_organization (auth.uid (), 'project_groups', 'SELECT')
+                OR public.check_action_policy_project (
+                    auth.uid (),
+                    'project_groups',
+                    'SELECT',
+                    project_id
+                )
+            )
+        )
     );
 
 DROP POLICY IF EXISTS "Users with correct policies can INSERT on project_groups" ON public.project_groups;
 
 CREATE POLICY "Users with correct policies can INSERT on project_groups" ON public.project_groups FOR INSERT TO authenticated
-    WITH CHECK (public.check_action_policy_organization(auth.uid(), 'project_groups', 'INSERT') OR
-                public.check_action_policy_project(auth.uid(), 'project_groups', 'INSERT', project_id));
+WITH
+    CHECK (
+        public.check_action_policy_organization (auth.uid (), 'project_groups', 'INSERT')
+        OR public.check_action_policy_project (
+            auth.uid (),
+            'project_groups',
+            'INSERT',
+            project_id
+        )
+    );
 
 DROP POLICY IF EXISTS "Users with correct policies can UPDATE on project_groups" ON public.project_groups;
 
-CREATE POLICY "Users with correct policies can UPDATE on project_groups" ON public.project_groups FOR UPDATE TO authenticated
-    USING (
-        public.check_action_policy_organization(auth.uid(), 'project_groups', 'UPDATE') OR
-        public.check_action_policy_project(auth.uid(), 'project_groups', 'UPDATE', project_id)
+CREATE POLICY "Users with correct policies can UPDATE on project_groups" ON public.project_groups FOR
+UPDATE TO authenticated USING (
+    public.check_action_policy_organization (auth.uid (), 'project_groups', 'UPDATE')
+    OR public.check_action_policy_project (
+        auth.uid (),
+        'project_groups',
+        'UPDATE',
+        project_id
     )
-    WITH CHECK (public.check_action_policy_organization(auth.uid(), 'project_groups', 'UPDATE') OR
-                public.check_action_policy_project(auth.uid(), 'project_groups', 'UPDATE', project_id));
+)
+WITH
+    CHECK (
+        public.check_action_policy_organization (auth.uid (), 'project_groups', 'UPDATE')
+        OR public.check_action_policy_project (
+            auth.uid (),
+            'project_groups',
+            'UPDATE',
+            project_id
+        )
+    );
 
 DROP POLICY IF EXISTS "Users with correct policies can DELETE on project_groups" ON public.project_groups;
 
-CREATE POLICY "Users with correct policies can DELETE on project_groups" ON public.project_groups FOR DELETE TO authenticated
-    USING (public.check_action_policy_organization(auth.uid(), 'project_groups', 'DELETE') OR
-           public.check_action_policy_project(auth.uid(), 'project_groups', 'DELETE', project_id));
+CREATE POLICY "Users with correct policies can DELETE on project_groups" ON public.project_groups FOR DELETE TO authenticated USING (
+    public.check_action_policy_organization (auth.uid (), 'project_groups', 'DELETE')
+    OR public.check_action_policy_project (
+        auth.uid (),
+        'project_groups',
+        'DELETE',
+        project_id
+    )
+);
-Original file line number
+Diff line change
@@ Expand Up @@
     CREATE POLICY "Users with correct policies can SELECT on collections" ON public.collections FOR SELECT TO authenticated
         USING (
+            is_archived IS FALSE AND
             public.check_action_policy_organization(auth.uid(), 'collections', 'SELECT')
         );
@@ Expand Down @@