Merge pull request #8 from recogito/lwj/fcc-documents

Collections and extensions

.eslintrc.js

@@ -0,0 +1,28 @@
+module.exports = {
+  env: {
+    browser: true,
+    es2021: true,
+  },
+  extends: ['eslint:recommended', 'plugin:@typescript-eslint/recommended'],
+  overrides: [
+    {
+      env: {
+        node: true,
+      },
+      files: ['.eslintrc.{js,cjs}'],
+      parserOptions: {
+        sourceType: 'script',
+      },
+    },
+  ],
+  parser: '@typescript-eslint/parser',
+  parserOptions: {
+    ecmaVersion: 'latest',
+    sourceType: 'module',
+  },
+  plugins: ['@typescript-eslint'],
+  rules: {
+    'no-unused-vars': ['error', { argsIgnorePattern: '^_' }],
+    'no-explicit-any': false,
+  },
+};

.gitignore

@@ -8,3 +8,4 @@ node_modules
 .DS_Store
 priivate-scripts
 hold
+./supabase/functions/*

SQL Scripts/functions/check_action_policy_project_from_document.sql

@@ -1,15 +1,11 @@
-CREATE OR REPLACE FUNCTION check_action_policy_project_from_document(user_id uuid, table_name varchar,
-                                                                  operation operation_types,
-                                                                  document_id uuid)
-    RETURNS bool
-AS
-$body$
+CREATE
+OR REPLACE FUNCTION check_action_policy_project_from_document (user_id uuid, table_name varchar, operation operation_types, document_id uuid) RETURNS bool AS $body$
 BEGIN
     RETURN EXISTS(SELECT 1
 
                   FROM public.profiles pr
-                           INNER JOIN public.layers l ON l.document_id = $4
-                           INNER JOIN public.project_groups pg ON pg.project_id = l.project_id
+                           INNER JOIN public.project_documents pd ON pd.document_id = $4
+                           INNER JOIN public.project_groups pg ON pg.project_id = pd.project_id
                            INNER JOIN public.group_users gu
                                       ON pg.id = gu.type_id AND gu.group_type = 'project' AND gu.user_id = $1
                            INNER JOIN public.roles r ON pg.role_id = r.id
@@ -19,5 +15,4 @@ BEGIN
                   WHERE p.table_name = $2
                     AND p.operation = $3);
 END;
-$body$
-    LANGUAGE plpgsql SECURITY DEFINER;
+$body$ LANGUAGE plpgsql SECURITY DEFINER;

SQL Scripts/functions/create_default_layer_groups.sql

@@ -1,21 +1,21 @@
-CREATE OR REPLACE FUNCTION create_default_layer_groups()
-    RETURNS TRIGGER AS
-$$
+CREATE
+OR        REPLACE FUNCTION CREATE_DEFAULT_LAYER_GROUPS () RETURNS TRIGGER AS $$
 DECLARE
     _layer_group_id uuid;
     _role_id        uuid;
     _name           varchar;
     _description    varchar;
     _is_admin       bool;
+    _is_default     bool;
 BEGIN
-    FOR _role_id, _name, _description, _is_admin IN SELECT role_id, name, description, is_admin
+    FOR _role_id, _name, _description, _is_admin, _is_default IN SELECT role_id, name, description, is_admin, is_default
                                                     FROM public.default_groups
                                                     WHERE group_type = 'layer'
         LOOP
             _layer_group_id = extensions.uuid_generate_v4();
             INSERT INTO public.layer_groups
-                (id, layer_id, role_id, name, description, is_admin)
-            VALUES (_layer_group_id, NEW.id, _role_id, _name, _description, _is_admin);
+                (id, layer_id, role_id, name, description, is_admin, is_default)
+            VALUES (_layer_group_id, NEW.id, _role_id, _name, _description, _is_admin, _is_default);
 
             IF _is_admin IS TRUE AND NEW.created_by IS NOT NULL THEN
                 INSERT INTO public.group_users (group_type, type_id, user_id)
@@ -24,4 +24,4 @@ BEGIN
         END LOOP;
     RETURN NEW;
 END
-$$ LANGUAGE plpgsql SECURITY DEFINER;
+$$ LANGUAGE PLPGSQL SECURITY DEFINER;

SQL Scripts/functions/create_default_project_groups.sql

@@ -1,21 +1,21 @@
-CREATE OR REPLACE FUNCTION create_default_project_groups()
-    RETURNS TRIGGER AS
-$$
+CREATE
+OR        REPLACE FUNCTION CREATE_DEFAULT_PROJECT_GROUPS () RETURNS TRIGGER AS $$
 DECLARE
     _project_group_id uuid;
     _role_id          uuid;
     _name             varchar;
     _description      varchar;
     _is_admin         bool;
+    _is_default       bool;
 BEGIN
-    FOR _role_id, _name, _description, _is_admin IN SELECT role_id, name, description, is_admin
+    FOR _role_id, _name, _description, _is_admin, _is_default IN SELECT role_id, name, description, is_admin, is_default
                                                     FROM public.default_groups
                                                     WHERE group_type = 'project'
         LOOP
             _project_group_id = extensions.uuid_generate_v4();
             INSERT INTO public.project_groups
-                (id, project_id, role_id, name, description, is_admin)
-            VALUES (_project_group_id, NEW.id, _role_id, _name, _description, _is_admin);
+                (id, project_id, role_id, name, description, is_admin, is_default)
+            VALUES (_project_group_id, NEW.id, _role_id, _name, _description, _is_admin, _is_default);
 
             IF _is_admin IS TRUE AND NEW.created_by IS NOT NULL THEN
                 INSERT INTO public.group_users (group_type, type_id, user_id)
@@ -24,4 +24,4 @@ BEGIN
         END LOOP;
     RETURN NEW;
 END
-$$ LANGUAGE plpgsql SECURITY DEFINER;
+$$ LANGUAGE PLPGSQL SECURITY DEFINER;

SQL Scripts/functions/update_document.sql

@@ -0,0 +1,14 @@
+CREATE
+OR        REPLACE FUNCTION PUBLIC.UPDATE_DOCUMENT () RETURNS TRIGGER LANGUAGE PLPGSQL SECURITY DEFINER AS $$
+BEGIN
+    NEW.updated_at = NOW();
+    NEW.updated_by = auth.uid();
+    -- These should never change --
+    NEW.created_at = OLD.created_at;
+    NEW.created_by = OLD.created_by;
+    IF NEW.is_private = TRUE AND auth.uid() != OLD.created_by THEN
+        NEW.is_private = FALSE;
+    END IF;
+    RETURN NEW;
+END;
+$$;

SQL Scripts/helpful-stuff/update-groups.sql

@@ -0,0 +1,22 @@
+DO $$
+DECLARE
+  t_row_project public.PROJECT_GROUPS % rowtype;
+  t_row_layer public.LAYER_GROUPS % rowtype;
+BEGIN
+
+  FOR t_row_project IN SELECT * FROM public.PROJECT_GROUPS LOOP
+    IF t_row_project.name = 'Project Admins' THEN
+      UPDATE public.PROJECT_GROUPS SET is_admin = TRUE WHERE id = t_row_project.id;
+    ELSIF t_row_project.name = 'Project Students' THEN
+        UPDATE public.PROJECT_GROUPS SET is_default = TRUE WHERE id = t_row_project.id;      
+    END IF;
+  END LOOP;
+  FOR t_row_layer IN SELECT * FROM public.LAYER_GROUPS LOOP
+    IF t_row_layer.name = 'Layer Admin' THEN
+      UPDATE public.LAYER_GROUPS SET is_admin = TRUE WHERE id = t_row_layer.id;
+    ELSIF t_row_layer.name = 'Layer Student' THEN
+      UPDATE public.LAYER_GROUPS SET is_default = TRUE WHERE id = t_row_layer.id;
+    END IF;
+  END LOOP;
+END
+$$

SQL Scripts/helpful-stuff/update_project_documents.sql

@@ -0,0 +1,20 @@
+DO $$
+DECLARE
+  t_row public.layers % rowtype;
+BEGIN
+  FOR t_row IN SELECT * FROM public.layers LOOP
+    IF NOT EXISTS(
+    SELECT 1
+    FROM public.project_documents
+    WHERE project_id = t_row.project_id
+    AND document_id = t_row.document_id
+  ) THEN
+      INSERT INTO public.project_documents (project_id, document_id)
+      VALUES (
+        t_row.project_id,
+        t_row.document_id
+      );
+    END IF;
+  END LOOP;
+END
+$$

SQL Scripts/policies/collections.sql

@@ -0,0 +1,24 @@
+DROP POLICY IF EXISTS "Users with correct policies can SELECT on collections" ON public.collections;
+
+CREATE POLICY "Users with correct policies can SELECT on collections" ON public.collections FOR SELECT TO authenticated
+    USING (
+        public.check_action_policy_organization(auth.uid(), 'collections', 'SELECT')
+    );
+
+DROP POLICY IF EXISTS "Users with correct policies can INSERT on collections" ON public.collections;
+
+CREATE POLICY "Users with correct policies can INSERT on collections" ON public.collections FOR INSERT TO authenticated
+    WITH CHECK (public.check_action_policy_organization(auth.uid(), 'collections', 'INSERT'));
+
+DROP POLICY IF EXISTS "Users with correct policies can UPDATE on collections" ON public.collections;
+
+CREATE POLICY "Users with correct policies can UPDATE on collections" ON public.collections FOR UPDATE TO authenticated
+    USING (
+    public.check_action_policy_organization(auth.uid(), 'collections', 'UPDATE')
+    )
+    WITH CHECK (public.check_action_policy_organization(auth.uid(), 'collections', 'UPDATE'));
+
+DROP POLICY IF EXISTS "Users with correct policies can DELETE on collections" ON public.collections;
+
+CREATE POLICY "Users with correct policies can DELETE on collections" ON public.collections FOR DELETE TO authenticated
+    USING (public.check_action_policy_organization(auth.uid(), 'collections', 'DELETE'));

SQL Scripts/policies/documents.sql

@@ -1,39 +1,90 @@
 DROP POLICY IF EXISTS "Users with correct policies can SELECT on documents" ON public.documents;
 
-CREATE POLICY "Users with correct policies can SELECT on documents" ON public.documents FOR SELECT TO authenticated
-    USING (
-            is_archived IS FALSE AND
-            (public.check_action_policy_organization(auth.uid(), 'documents', 'SELECT') OR
-            public.check_action_policy_project_from_document(auth.uid(), 'documents', 'SELECT', id) OR
-            public.check_action_policy_layer_from_document(auth.uid(), 'documents', 'SELECT', id))
+CREATE POLICY "Users with correct policies can SELECT on documents" ON public.documents FOR
+SELECT
+    TO authenticated USING (
+        is_archived IS FALSE
+        AND (
+            (
+                is_private = FALSE
+                OR created_by = auth.uid ()
+            )
+            AND public.check_action_policy_organization (auth.uid (), 'documents', 'SELECT')
+            OR public.check_action_policy_project_from_document (auth.uid (), 'documents', 'SELECT', id)
+            OR public.check_action_policy_layer_from_document (auth.uid (), 'documents', 'SELECT', id)
+        )
     );
 
 DROP POLICY IF EXISTS "Users with correct policies can INSERT on documents" ON public.documents;
 
 CREATE POLICY "Users with correct policies can INSERT on documents" ON public.documents FOR INSERT TO authenticated
-    WITH CHECK (
-        public.check_action_policy_organization(auth.uid(), 'documents', 'INSERT') OR
-        public.check_action_policy_project_from_document(auth.uid(), 'documents', 'INSERT', id) OR
-        public.check_action_policy_layer_from_document(auth.uid(), 'documents', 'INSERT', id)
+WITH
+    CHECK (
+        (
+            (
+                is_private = FALSE
+                OR created_by = auth.uid ()
+            )
+            AND (collection_id ISNULL) 
+            AND public.check_action_policy_organization (auth.uid (), 'documents', 'INSERT')
+        )
+        OR public.check_action_policy_project_from_document (auth.uid (), 'documents', 'INSERT', id)
+        OR public.check_action_policy_layer_from_document (auth.uid (), 'documents', 'INSERT', id)
     );
 
 DROP POLICY IF EXISTS "Users with correct policies can UPDATE on documents" ON public.documents;
 
-CREATE POLICY "Users with correct policies can UPDATE on documents" ON public.documents FOR UPDATE TO authenticated
-    USING (
-        public.check_action_policy_organization(auth.uid(), 'documents', 'UPDATE') OR
-        public.check_action_policy_project_from_document(auth.uid(), 'documents', 'UPDATE', id) OR
-        public.check_action_policy_layer_from_document(auth.uid(), 'documents', 'UPDATE', id)
+CREATE POLICY "Users with correct policies can UPDATE on documents" ON public.documents
+FOR UPDATE
+    TO authenticated USING (
+        (
+            (
+                is_private = FALSE
+                OR created_by = auth.uid ()
+            )
+            AND (collection_id ISNULL) 
+            AND public.check_action_policy_organization (auth.uid (), 'documents', 'UPDATE')
+        )
+        OR (
+            (
+                is_private = FALSE
+                OR created_by = auth.uid ()
+            )
+            AND (collection_id ISNULL) 
+            AND public.check_action_policy_project_from_document (auth.uid (), 'documents', 'UPDATE', id)
+        )
     )
-    WITH CHECK (public.check_action_policy_organization(auth.uid(), 'documents', 'UPDATE') OR
-                public.check_action_policy_project_from_document(auth.uid(), 'documents', 'UPDATE', id) OR
-                public.check_action_policy_layer_from_document(auth.uid(), 'documents', 'UPDATE', id)
+WITH
+    CHECK (
+        (
+            (
+                is_private = FALSE
+                OR created_by = auth.uid ()
+            )
+            AND (collection_id ISNULL)            
+            AND public.check_action_policy_organization (auth.uid (), 'documents', 'UPDATE')
+        )
+        OR (
+            (
+                is_private = FALSE
+                OR created_by = auth.uid ()
+            )
+            AND (collection_id ISNULL)              
+            AND public.check_action_policy_project_from_document (auth.uid (), 'documents', 'UPDATE', id)
+        )
     );
 
 DROP POLICY IF EXISTS "Users with correct policies can DELETE on documents" ON public.documents;
 
-CREATE POLICY "Users with correct policies can DELETE on documents" ON public.documents FOR DELETE TO authenticated
-    USING (public.check_action_policy_organization(auth.uid(), 'documents', 'DELETE') OR
-           public.check_action_policy_project_from_document(auth.uid(), 'documents', 'DELETE', id) OR
-           public.check_action_policy_layer_from_document(auth.uid(), 'documents', 'DELETE', id)
-    );
+CREATE POLICY "Users with correct policies can DELETE on documents" ON public.documents FOR DELETE TO authenticated USING (
+    (
+        (
+            is_private = FALSE
+            OR created_by = auth.uid ()
+        )
+        AND (collection_id ISNULL)        
+        AND public.check_action_policy_organization (auth.uid (), 'documents', 'DELETE')
+    )
+    OR public.check_action_policy_project_from_document (auth.uid (), 'documents', 'DELETE', id)
+    OR public.check_action_policy_layer_from_document (auth.uid (), 'documents', 'DELETE', id)
+);

SQL Scripts/tables/collections.sql

@@ -0,0 +1,10 @@
+CREATE TABLE public.collections (
+    id uuid NOT NULL DEFAULT uuid_generate_v4 () PRIMARY KEY,
+    created_at timestamp WITH TIME ZONE DEFAULT NOW(),
+    created_by uuid REFERENCES public.profiles,
+    updated_at timestamptz,
+    updated_by uuid REFERENCES public.profiles,
+    name varchar NOT NULL,
+    extension_id uuid REFERENCES public.extensions,
+    extension_metadata json
+);

SQL Scripts/tables/documents.sql

@@ -12,7 +12,10 @@ CREATE TABLE public.documents
     name         varchar            NOT NULL,
     bucket_id    text,
     content_type content_types_type NOT NULL,
-    meta_data    json DEFAULT {}
+    meta_data    json DEFAULT {},
+    is_private   BOOLEAN DEFAULT TRUE,
+    collection_id uuid REFERENCES public.collections,
+    collection_metadata json
 );
 
 -- Changes 5/24/23 --
@@ -33,3 +36,11 @@ ALTER TABLE public.documents
 
 -- Changes 8/21/23 --
 ALTER TABLE public.documents ALTER COLUMN content_type TYPE content_types_type USING content_type::content_types_type;
+
+-- Changes 12/11/23 --
+ALTER TABLE public.documents ADD COLUMN is_private BOOLEAN DEFAULT true;
+
+-- Changes 12/20/23 --
+ALTER TABLE public.documents ADD COLUMN collection_id uuid REFERENCES public.collections;
+
+ALTER TABLE public.documents ADD COLUMN collection_metadata json;

SQL Scripts/tables/extensions.sql

@@ -0,0 +1,12 @@
+-- extensions table --
+CREATE TYPE activation_types AS ENUM('cron', 'direct_call');
+
+CREATE TABLE public.extensions (
+    id uuid NOT NULL DEFAULT uuid_generate_v4 () PRIMARY KEY,
+    created_at timestamp WITH TIME ZONE DEFAULT NOW(),
+    created_by uuid REFERENCES public.profiles,
+    updated_at timestamptz,
+    updated_by uuid REFERENCES public.profiles,
+    activation_type activation_types NOT NULL,
+    metadata json
+);