-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Expand file tree
/
Copy pathroles.sql
More file actions
89 lines (86 loc) · 2.27 KB
/
roles.sql
File metadata and controls
89 lines (86 loc) · 2.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
-- name: CustomRoles :many
SELECT
*
FROM
custom_roles
WHERE
true
-- @lookup_roles will filter for exact (role_name, org_id) pairs
-- To do this manually in SQL, you can construct an array and cast it:
-- cast(ARRAY[('customrole','ece79dac-926e-44ca-9790-2ff7c5eb6e0c')] AS name_organization_pair[])
AND CASE WHEN array_length(@lookup_roles :: name_organization_pair[], 1) > 0 THEN
-- Using 'coalesce' to avoid troubles with null literals being an empty string.
(name, coalesce(organization_id, '00000000-0000-0000-0000-000000000000' ::uuid)) = ANY (@lookup_roles::name_organization_pair[])
ELSE true
END
-- This allows fetching all roles, or just site wide roles
AND CASE WHEN @exclude_org_roles :: boolean THEN
organization_id IS null
ELSE true
END
-- Allows fetching all roles to a particular organization
AND CASE WHEN @organization_id :: uuid != '00000000-0000-0000-0000-000000000000'::uuid THEN
organization_id = @organization_id
ELSE true
END
-- Filter system roles. By default, system roles are excluded.
-- System roles are managed by Coder and should be hidden from user-facing APIs.
-- The authorization system uses @include_system_roles = true to load them.
AND CASE WHEN @include_system_roles :: boolean THEN
true
ELSE
is_system = false
END
;
-- name: DeleteCustomRole :exec
DELETE FROM
custom_roles
WHERE
name = lower(@name)
AND organization_id = @organization_id
-- Prevents accidental deletion of system roles even if the API
-- layer check is bypassed due to a bug.
AND is_system = false
;
-- name: InsertCustomRole :one
INSERT INTO
custom_roles (
name,
display_name,
organization_id,
site_permissions,
org_permissions,
user_permissions,
member_permissions,
is_system,
created_at,
updated_at
)
VALUES (
-- Always force lowercase names
lower(@name),
@display_name,
@organization_id,
@site_permissions,
@org_permissions,
@user_permissions,
@member_permissions,
@is_system,
now(),
now()
)
RETURNING *;
-- name: UpdateCustomRole :one
UPDATE
custom_roles
SET
display_name = @display_name,
site_permissions = @site_permissions,
org_permissions = @org_permissions,
user_permissions = @user_permissions,
member_permissions = @member_permissions,
updated_at = now()
WHERE
name = lower(@name)
AND organization_id = @organization_id
RETURNING *;