fix: tag related sql

hpi-studyu · Jun 30, 2023 · 348d7e2 · 348d7e2
1 parent 0c8b89b
commit 348d7e2
Show file tree

Hide file tree

Showing 11 changed files with 255 additions and 177 deletions.
diff --git a/core/lib/src/models/tables/study.dart b/core/lib/src/models/tables/study.dart
@@ -108,11 +108,14 @@ class Study extends SupabaseObjectFunctions<Study> {
     final study = _$StudyFromJson(json);
     final List? studyTags = json['study_tags'] as List?;
     if (studyTags != null) {
-      study.studyTags = studyTags.map((json) => StudyTag.fromTag(
-          studyId: study.id,
-          tag: Tag.fromJson(json as Map<String, dynamic>),
-      ),
-      ).toList();
+      study.studyTags = studyTags
+          .map(
+            (json) => StudyTag.fromTag(
+              studyId: study.id,
+              tag: Tag.fromJson(json as Map<String, dynamic>),
+            ),
+          )
+          .toList();
     } else {
       study.studyTags = [];
     }

diff --git a/core/lib/src/models/tables/study_tag.dart b/core/lib/src/models/tables/study_tag.dart
@@ -61,12 +61,10 @@ class StudyTag extends SupabaseObjectFunctions<StudyTag> {
 
   @override
   bool operator ==(Object other) =>
-      identical(this, other) ||
-          other is StudyTag && studyId == other.studyId && tag == other.tag;
+      identical(this, other) || other is StudyTag && studyId == other.studyId && tag == other.tag;
 
   @override
-  int get hashCode =>
-      id.hashCode ^ name.hashCode ^ studyId.hashCode ^ tag.hashCode;
+  int get hashCode => id.hashCode ^ name.hashCode ^ studyId.hashCode ^ tag.hashCode;
 }
 
 extension StudyTagListToTagList on List<StudyTag> {

diff --git a/core/lib/src/models/tables/tag.dart b/core/lib/src/models/tables/tag.dart
@@ -30,10 +30,8 @@ class Tag extends SupabaseObjectFunctions<Tag> {
 
   @override
   bool operator ==(Object other) =>
-      identical(this, other) ||
-          other is Tag && id == other.id && name == other.name && color == other.color;
+      identical(this, other) || other is Tag && id == other.id && name == other.name && color == other.color;
 
   @override
-  int get hashCode =>
-      id.hashCode ^ name.hashCode ^ color.hashCode ^ parentId.hashCode;
+  int get hashCode => id.hashCode ^ name.hashCode ^ color.hashCode ^ parentId.hashCode;
 }
diff --git a/database/migrate_tags.sql b/database/migrate_tags.sql
@@ -2,11 +2,11 @@
 -- Name: tag; Type: TABLE; Schema: public; Owner: supabase_admin
 --
 
-CREATE TABLE tag (
+CREATE TABLE public.tag (
     id uuid DEFAULT gen_random_uuid() NOT NULL,
     name text NOT NULL,
     color integer,
-    parent_id uuid,
+    parent_id uuid
     -- rename result_sharing to visibility
     --visibility public.result_sharing NOT NULL DEFAULT 'private'::public.result_sharing,
 );
@@ -26,10 +26,9 @@ ALTER TABLE ONLY public.tag
 -- Name: study_tag; Type: TABLE; Schema: public; Owner: supabase_admin
 --
 
-CREATE TABLE study_tag (
-    study_id uuid REFERENCES study (id) ON DELETE CASCADE,
-    tag_id uuid REFERENCES tag (id) ON DELETE CASCADE,
-
+CREATE TABLE public.study_tag (
+    study_id uuid NOT NULL,
+    tag_id uuid NOT NULL
 );
 
 ALTER TABLE public.study_tag OWNER TO supabase_admin;
@@ -52,33 +51,66 @@ ALTER TABLE ONLY public.tag
 
 
 --
--- Name: tag Allow read access but deny write access for tag; Type: POLICY; Schema: public; Owner: supabase_admin
+-- Name: tag study_tag_studyId_fkey; Type: FK CONSTRAINT; Schema: public; Owner: supabase_admin
+--
+
+ALTER TABLE ONLY public.study_tag
+    ADD CONSTRAINT "study_tag_studyId_fkey" FOREIGN KEY (study_id) REFERENCES public.study(id) ON DELETE CASCADE;
+
+
 --
+-- Name: tag study_tag_tagId_fkey; Type: FK CONSTRAINT; Schema: public; Owner: supabase_admin
+--
+
+ALTER TABLE ONLY public.study_tag
+    ADD CONSTRAINT "study_tag_tagId_fkey" FOREIGN KEY (tag_id) REFERENCES public.tag(id) ON DELETE CASCADE;
+
+
 -- TODO VERIFY all policies regarding anonymous select, update, insert, delete and authenticated behavior regarding auth.uid()
 
-create policy "Allow read access, deny write access"
-  on tag
-  for select
-  using (true);
-  -- with check (false);
+--
+-- Name: study_tag Allow read access but deny write access for tags; Type: POLICY; Schema: public; Owner: supabase_admin
+--
+
+CREATE POLICY "Allow read access, deny write access"
+  ON public.tag
+  FOR SELECT
+  USING (true);
 
 
 --
--- Name: study_tag Allow only study creators to add tags to studies; Type: POLICY; Schema: public; Owner: supabase_admin
+-- Name: Allow study creators to manage tags; Type: POLICY; Schema: public; Owner: supabase_admin
 --
 
-create policy "Allow study creators to add delete tags"
-  on study_tag
-  for insert, delete
-   USING (
-      TRUE
+CREATE POLICY "Allow study creators to manage tags"
+  ON public.study_tag
+  FOR ALL
+  USING (
+    EXISTS (
+      SELECT 1
+      FROM study
+      WHERE study.id = study_tag.study_id
+        AND study.user_id = auth.uid()
     )
-  with check (exists (
-    select *
-    from study
-    where study.id = id
-      and study.user_id = auth.uid()
-  ));
+  );
+
+
+--
+-- Name: Allow subscribed users to select study tags; Type: POLICY; Schema: public; Owner: supabase_admin
+--
+
+CREATE POLICY "Allow subscribed users to select study tags"
+  ON public.study_tag
+  FOR SELECT
+  USING (
+    EXISTS (
+      SELECT 1
+      FROM public.study_subject
+      WHERE study_subject.study_id = study_tag.study_id
+        AND study_subject.user_id = auth.uid()
+    )
+  );
+
 
 -- todo deny insert, delete, update for everyone else
 -- todo deny select for everyone except study creators and users subscribed to the study
@@ -90,7 +122,6 @@ create policy "Allow study creators to add delete tags"
 
 ALTER TABLE public.tag ENABLE ROW LEVEL SECURITY;
 
-
 --
 -- Name: study_tag; Type: ROW SECURITY; Schema: public; Owner: supabase_admin
 --

diff --git a/database/studyu-schema.sql b/database/studyu-schema.sql
@@ -1,5 +1,3 @@
--- TODO move stuff from migrate_tags to here
-
 SET statement_timeout = 0;
 SET lock_timeout = 0;
 SET idle_in_transaction_session_timeout = 0;
@@ -128,17 +126,29 @@ CREATE TABLE public.study_subject (
 ALTER TABLE public.study_subject OWNER TO supabase_admin;
 
 --
--- Name: study_tags; Type: TABLE; Schema: public; Owner: supabase_admin
+-- Name: tag; Type: TABLE; Schema: public; Owner: supabase_admin
 --
 
-CREATE TABLE study_tag (
+CREATE TABLE public.tag (
     id uuid DEFAULT gen_random_uuid() NOT NULL,
     name text NOT NULL,
     color integer,
-    parent_id uuid,
+    parent_id uuid
 );
 
 
+ALTER TABLE public.tag OWNER TO supabase_admin;
+
+
+--
+-- Name: study_tag; Type: TABLE; Schema: public; Owner: supabase_admin
+--
+
+CREATE TABLE public.study_tag (
+    study_id uuid NOT NULL,
+    tag_id uuid NOT NULL
+);
+
 ALTER TABLE public.study_tag OWNER TO supabase_admin;
 
 --
@@ -259,7 +269,7 @@ ALTER TABLE public.study_progress_export OWNER TO supabase_admin;
 CREATE TABLE public."user" (
     id uuid NOT NULL,
     email text,
-    preferences jsonb,
+    preferences jsonb
 );
 
 
@@ -329,12 +339,21 @@ ALTER TABLE ONLY public.study_subject
     ADD CONSTRAINT study_subject_pkey PRIMARY KEY (id);
 
 
+--
+-- Name: tag tag_pkey; Type: CONSTRAINT; Schema: public; Owner: supabase_admin
+--
+
+ALTER TABLE ONLY public.tag
+    ADD CONSTRAINT tag_pkey PRIMARY KEY (id);
+
+
 --
 -- Name: study_tag study_tag_pkey; Type: CONSTRAINT; Schema: public; Owner: supabase_admin
 --
 
 ALTER TABLE ONLY public.study_tag
-    ADD CONSTRAINT study_tag_pkey PRIMARY KEY (id);
+    ADD CONSTRAINT "study_tag_pkey" PRIMARY KEY (study_id, tag_id);
+
 
 -- ======================== FOREIGN KEY CONTRAINTS ======================================================
 
@@ -386,14 +405,6 @@ ALTER TABLE ONLY public.study_subject
     ADD CONSTRAINT "study_subject_studyId_fkey" FOREIGN KEY (study_id) REFERENCES public.study(id) ON DELETE CASCADE;
 
 
---
--- Name: study_tag study_tag_parentId_fkey; Type: FK CONSTRAINT; Schema: public; Owner: supabase_admin
---
-
-ALTER TABLE ONLY public.study_tag
-    ADD CONSTRAINT "study_tag_parentId_fkey" FOREIGN KEY (parent_id) REFERENCES public.study_tag(id) ON DELETE CASCADE;
-
-
 --
 -- Name: study_subject study_subject_userId_fkey; Type: FK CONSTRAINT; Schema: public; Owner: supabase_admin
 --
@@ -410,6 +421,30 @@ ALTER TABLE ONLY public.study
     ADD CONSTRAINT "study_userId_fkey" FOREIGN KEY (user_id) REFERENCES public."user"(id);
 
 
+--
+-- Name: tag tag_parentId_fkey; Type: FK CONSTRAINT; Schema: public; Owner: supabase_admin
+--
+
+ALTER TABLE ONLY public.tag
+    ADD CONSTRAINT "tag_parentId_fkey" FOREIGN KEY (parent_id) REFERENCES public.tag(id) ON DELETE CASCADE;
+
+
+--
+-- Name: tag study_tag_studyId_fkey; Type: FK CONSTRAINT; Schema: public; Owner: supabase_admin
+--
+
+ALTER TABLE ONLY public.study_tag
+    ADD CONSTRAINT "study_tag_studyId_fkey" FOREIGN KEY (study_id) REFERENCES public.study(id) ON DELETE CASCADE;
+
+
+--
+-- Name: tag study_tag_tagId_fkey; Type: FK CONSTRAINT; Schema: public; Owner: supabase_admin
+--
+
+ALTER TABLE ONLY public.study_tag
+    ADD CONSTRAINT "study_tag_tagId_fkey" FOREIGN KEY (tag_id) REFERENCES public.tag(id) ON DELETE CASCADE;
+
+
 -- ======================== STUDY FUNCTIONS =====================================
 
 --
@@ -875,15 +910,45 @@ CREATE POLICY "Users can do everything with their subjects" ON public.study_subj
 -- Name: study_tag Allow read access but deny write access for tags; Type: POLICY; Schema: public; Owner: supabase_admin
 --
 
-CREATE POLICY allow_read_deny_write_tag ON study_tag FOR ALL
-USING (true) WITH CHECK (false);
+CREATE POLICY "Allow read access, deny write access"
+  ON public.tag
+  FOR SELECT
+  USING (true);
+
+
+--
+-- Name: Allow study creators to manage tags; Type: POLICY; Schema: public; Owner: supabase_admin
+--
+
+CREATE POLICY "Allow study creators to manage tags"
+  ON public.study_tag
+  FOR ALL
+  USING (
+    EXISTS (
+      SELECT 1
+      FROM public.study
+      WHERE study.id = study_tag.study_id
+        AND study.user_id = auth.uid()
+    )
+  );
 
 
 --
--- Name: user Users can do everything with their user data; Type: POLICY; Schema: public; Owner: supabase_admin
+-- Name: Allow subscribed users to select study tags; Type: POLICY; Schema: public; Owner: supabase_admin
 --
 
-CREATE POLICY "Users can read and write their user data" ON public."user" USING ((auth.uid() = id));
+CREATE POLICY "Allow subscribed users to select study tags"
+  ON public.study_tag
+  FOR SELECT
+  USING (
+    EXISTS (
+      SELECT 1
+      FROM public.study_subject
+      WHERE study_subject.study_id = study_tag.study_id
+        AND study_subject.user_id = auth.uid()
+    )
+  );
+
 
 --
 -- Name: app_config; Type: ROW SECURITY; Schema: public; Owner: supabase_admin
@@ -915,13 +980,18 @@ ALTER TABLE public.study_invite ENABLE ROW LEVEL SECURITY;
 
 ALTER TABLE public.study_subject ENABLE ROW LEVEL SECURITY;
 
+--
+-- Name: tag; Type: ROW SECURITY; Schema: public; Owner: supabase_admin
+--
+
+ALTER TABLE public.tag ENABLE ROW LEVEL SECURITY;
+
 --
 -- Name: study_tag; Type: ROW SECURITY; Schema: public; Owner: supabase_admin
 --
 
 ALTER TABLE public.study_tag ENABLE ROW LEVEL SECURITY;
 
-
 --
 -- Name: subject_progress; Type: ROW SECURITY; Schema: public; Owner: supabase_admin
 --