-
-
Notifications
You must be signed in to change notification settings - Fork 48
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(api): add Token.user_override (and associated refactoring)
Related: #886
- Loading branch information
1 parent
66c0c1c
commit b1e6751
Showing
9 changed files
with
354 additions
and
33 deletions.
There are no files selected for viewing
151 changes: 151 additions & 0 deletions
151
api/desecapi/migrations/0042_rename_user_token_owner_token_user_override_and_more.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,151 @@ | ||
# Generated by Django 5.1.3 on 2024-11-25 19:53 | ||
|
||
import django.db.models.deletion | ||
import django.db.models.functions.comparison | ||
import pgtrigger.compiler | ||
import pgtrigger.migrations | ||
from django.conf import settings | ||
from django.db import migrations, models | ||
|
||
|
||
class Migration(migrations.Migration): | ||
|
||
dependencies = [ | ||
("desecapi", "0041_remove_token_token_auto_policy_and_more"), | ||
] | ||
|
||
operations = [ | ||
migrations.RunSQL( | ||
sql="ALTER TABLE desecapi_tokendomainpolicy DROP CONSTRAINT desecapi_tokendomainpolicy_token_id_token_user_id_fkey RESTRICT;", | ||
reverse_sql="ALTER TABLE desecapi_tokendomainpolicy ADD FOREIGN KEY ( token_id, token_user_id ) REFERENCES desecapi_token ( id, user_id );", | ||
), | ||
migrations.RemoveConstraint( | ||
model_name="token", | ||
name="unique_id_user", | ||
), | ||
migrations.AlterField( | ||
model_name="token", | ||
name="user", | ||
field=models.UUIDField(), | ||
), | ||
migrations.RenameField( | ||
model_name="token", | ||
old_name="user", | ||
new_name="owner", | ||
), | ||
migrations.AlterField( | ||
model_name="token", | ||
name="owner", | ||
field=models.ForeignKey( | ||
on_delete=django.db.models.deletion.CASCADE, | ||
related_name="+", | ||
to=settings.AUTH_USER_MODEL, | ||
), | ||
), | ||
migrations.AddField( | ||
model_name="token", | ||
name="user_override", | ||
field=models.ForeignKey( | ||
null=True, | ||
on_delete=django.db.models.deletion.CASCADE, | ||
related_name="+", | ||
to=settings.AUTH_USER_MODEL, | ||
), | ||
), | ||
migrations.AddConstraint( | ||
model_name="token", | ||
constraint=models.CheckConstraint( | ||
condition=models.Q( | ||
("user_override__isnull", True), | ||
models.Q( | ||
("mfa__isnull", True), | ||
("perm_manage_tokens", False), | ||
models.Q(("user_override", models.F("owner")), _negated=True), | ||
), | ||
_connector="OR", | ||
), | ||
name="user_override_conditions", | ||
), | ||
), | ||
migrations.AddField( | ||
model_name="token", | ||
name="user_id", | ||
field=models.GeneratedField( | ||
db_index=True, | ||
db_persist=True, | ||
expression=django.db.models.functions.comparison.Coalesce( | ||
"user_override", "owner" | ||
), | ||
output_field=models.UUIDField(), | ||
), | ||
), | ||
migrations.AddConstraint( | ||
model_name="token", | ||
constraint=models.UniqueConstraint( | ||
fields=("id", "user_id"), name="unique_id_user" | ||
), | ||
), | ||
migrations.RunSQL( | ||
sql="ALTER TABLE desecapi_tokendomainpolicy ADD FOREIGN KEY ( token_id, token_user_id ) REFERENCES desecapi_token ( id, user_id ) DEFERRABLE INITIALLY DEFERRED;", | ||
reverse_sql="ALTER TABLE desecapi_tokendomainpolicy DROP CONSTRAINT desecapi_tokendomainpolicy_token_id_token_user_id_fkey RESTRICT;", | ||
), | ||
migrations.AddField( | ||
model_name="token", | ||
name="user", | ||
field=models.ForeignObject( | ||
from_fields=["user_id"], | ||
null=True, | ||
on_delete=django.db.models.deletion.CASCADE, | ||
related_name="token_set", | ||
to=settings.AUTH_USER_MODEL, | ||
to_fields=["id"], | ||
), | ||
), | ||
pgtrigger.migrations.AddTrigger( | ||
model_name="token", | ||
trigger=pgtrigger.compiler.Trigger( | ||
name="token_policy_user_id", | ||
sql=pgtrigger.compiler.UpsertTriggerSql( | ||
condition='WHEN (OLD."user_id" IS DISTINCT FROM (NEW."user_id"))', | ||
func="\n IF\n OLD.user_override_id IS NOT NULL\n THEN\n RAISE EXCEPTION 'Cannot alter Token.user_override_id once set. (token.id=%)', NEW.id;\n END IF;\n UPDATE desecapi_tokendomainpolicy SET token_user_id = NEW.user_id WHERE token_id = NEW.id;\n RETURN NULL;\n ", | ||
hash="a35df14f79206d73314376dd33ce217359b8f3dc", | ||
operation='UPDATE OF "user_id"', | ||
pgid="pgtrigger_token_policy_user_id_c0a5d", | ||
table="desecapi_token", | ||
when="AFTER", | ||
), | ||
), | ||
), | ||
pgtrigger.migrations.RemoveTrigger( | ||
model_name="tokendomainpolicy", | ||
name="token_user", | ||
), | ||
pgtrigger.migrations.AddTrigger( | ||
model_name="tokendomainpolicy", | ||
trigger=pgtrigger.compiler.Trigger( | ||
name="token_user_insert", | ||
sql=pgtrigger.compiler.UpsertTriggerSql( | ||
func="NEW.token_user_id = (SELECT user_id FROM desecapi_token WHERE id = NEW.token_id); RETURN NEW;", | ||
hash="37cd6136f62cfc0209565c771a1fc1b1e789ed4b", | ||
operation="INSERT", | ||
pgid="pgtrigger_token_user_insert_619b2", | ||
table="desecapi_tokendomainpolicy", | ||
when="BEFORE", | ||
), | ||
), | ||
), | ||
pgtrigger.migrations.AddTrigger( | ||
model_name="tokendomainpolicy", | ||
trigger=pgtrigger.compiler.Trigger( | ||
name="token_user_update", | ||
sql=pgtrigger.compiler.UpsertTriggerSql( | ||
func="\n IF\n NEW.token_user_id != (SELECT user_id FROM desecapi_token WHERE id = NEW.token_id)\n THEN\n RAISE EXCEPTION 'Invalid token_user_id: %', NEW.token_user_id;\n END IF;\n RETURN NEW;\n ", | ||
hash="f385209f06beb1f0d38376b6223721efd02baf73", | ||
operation='UPDATE OF "token_user_id"', | ||
pgid="pgtrigger_token_user_update_7ff54", | ||
table="desecapi_tokendomainpolicy", | ||
when="BEFORE", | ||
), | ||
), | ||
), | ||
] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.