feat: scaffold files service
This commit is contained in:
5
migrations/001_initial.down.sql
Normal file
5
migrations/001_initial.down.sql
Normal file
@@ -0,0 +1,5 @@
|
||||
DROP TABLE IF EXISTS files_audit_events;
|
||||
DROP TABLE IF EXISTS files_public_links;
|
||||
DROP TABLE IF EXISTS files_access;
|
||||
DROP TABLE IF EXISTS files_nodes;
|
||||
|
||||
71
migrations/001_initial.up.sql
Normal file
71
migrations/001_initial.up.sql
Normal file
@@ -0,0 +1,71 @@
|
||||
CREATE EXTENSION IF NOT EXISTS pgcrypto;
|
||||
|
||||
CREATE TABLE files_nodes (
|
||||
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
||||
parent_id UUID REFERENCES files_nodes(id) ON DELETE CASCADE,
|
||||
node_type TEXT NOT NULL CHECK (node_type IN ('folder', 'file', 'google_sheet', 'office_document')),
|
||||
title TEXT NOT NULL,
|
||||
owner_user_id UUID NOT NULL,
|
||||
owner_department_id UUID,
|
||||
created_by UUID NOT NULL,
|
||||
updated_by UUID,
|
||||
storage_key TEXT,
|
||||
original_filename TEXT,
|
||||
mime_type TEXT,
|
||||
extension TEXT,
|
||||
size_bytes BIGINT NOT NULL DEFAULT 0,
|
||||
office_format TEXT,
|
||||
external_url TEXT,
|
||||
version INTEGER NOT NULL DEFAULT 1,
|
||||
created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
|
||||
updated_at TIMESTAMPTZ NOT NULL DEFAULT now(),
|
||||
deleted_at TIMESTAMPTZ,
|
||||
CONSTRAINT files_nodes_file_storage_check CHECK (
|
||||
node_type IN ('folder', 'google_sheet') OR storage_key IS NOT NULL
|
||||
)
|
||||
);
|
||||
|
||||
CREATE INDEX files_nodes_parent_idx ON files_nodes(parent_id) WHERE deleted_at IS NULL;
|
||||
CREATE INDEX files_nodes_owner_idx ON files_nodes(owner_user_id) WHERE deleted_at IS NULL;
|
||||
CREATE INDEX files_nodes_type_idx ON files_nodes(node_type) WHERE deleted_at IS NULL;
|
||||
|
||||
CREATE TABLE files_access (
|
||||
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
||||
node_id UUID NOT NULL REFERENCES files_nodes(id) ON DELETE CASCADE,
|
||||
user_id UUID NOT NULL,
|
||||
access_level TEXT NOT NULL CHECK (access_level IN ('view', 'edit')),
|
||||
granted_by UUID NOT NULL,
|
||||
created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
|
||||
UNIQUE (node_id, user_id)
|
||||
);
|
||||
|
||||
CREATE INDEX files_access_node_idx ON files_access(node_id);
|
||||
CREATE INDEX files_access_user_idx ON files_access(user_id);
|
||||
|
||||
CREATE TABLE files_public_links (
|
||||
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
||||
node_id UUID NOT NULL REFERENCES files_nodes(id) ON DELETE CASCADE,
|
||||
token_hash TEXT NOT NULL UNIQUE,
|
||||
access_level TEXT NOT NULL DEFAULT 'view' CHECK (access_level = 'view'),
|
||||
expires_at TIMESTAMPTZ NOT NULL,
|
||||
created_by UUID NOT NULL,
|
||||
created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
|
||||
revoked_at TIMESTAMPTZ
|
||||
);
|
||||
|
||||
CREATE INDEX files_public_links_node_idx ON files_public_links(node_id);
|
||||
CREATE INDEX files_public_links_active_idx ON files_public_links(token_hash, expires_at) WHERE revoked_at IS NULL;
|
||||
|
||||
CREATE TABLE files_audit_events (
|
||||
id BIGSERIAL PRIMARY KEY,
|
||||
actor_user_id UUID,
|
||||
action TEXT NOT NULL,
|
||||
entity_type TEXT NOT NULL,
|
||||
entity_id UUID,
|
||||
meta JSONB NOT NULL DEFAULT '{}'::jsonb,
|
||||
created_at TIMESTAMPTZ NOT NULL DEFAULT now()
|
||||
);
|
||||
|
||||
CREATE INDEX files_audit_events_actor_idx ON files_audit_events(actor_user_id, created_at DESC);
|
||||
CREATE INDEX files_audit_events_entity_idx ON files_audit_events(entity_type, entity_id, created_at DESC);
|
||||
|
||||
2
migrations/002_access_functions.down.sql
Normal file
2
migrations/002_access_functions.down.sql
Normal file
@@ -0,0 +1,2 @@
|
||||
DROP FUNCTION IF EXISTS effective_node_access(UUID, UUID, TEXT[]);
|
||||
DROP FUNCTION IF EXISTS has_node_access(UUID, UUID);
|
||||
48
migrations/002_access_functions.up.sql
Normal file
48
migrations/002_access_functions.up.sql
Normal file
@@ -0,0 +1,48 @@
|
||||
CREATE OR REPLACE FUNCTION has_node_access(p_node_id UUID, p_user_id UUID)
|
||||
RETURNS BOOLEAN
|
||||
LANGUAGE sql
|
||||
STABLE
|
||||
AS $$
|
||||
WITH RECURSIVE ancestors AS (
|
||||
SELECT id, parent_id FROM files_nodes WHERE id = p_node_id AND deleted_at IS NULL
|
||||
UNION ALL
|
||||
SELECT p.id, p.parent_id
|
||||
FROM files_nodes p
|
||||
JOIN ancestors a ON a.parent_id = p.id
|
||||
WHERE p.deleted_at IS NULL
|
||||
)
|
||||
SELECT EXISTS (
|
||||
SELECT 1
|
||||
FROM ancestors a
|
||||
JOIN files_access fa ON fa.node_id = a.id
|
||||
WHERE fa.user_id = p_user_id
|
||||
);
|
||||
$$;
|
||||
|
||||
CREATE OR REPLACE FUNCTION effective_node_access(p_node_id UUID, p_user_id UUID, p_subordinate_ids TEXT[])
|
||||
RETURNS TEXT
|
||||
LANGUAGE sql
|
||||
STABLE
|
||||
AS $$
|
||||
WITH RECURSIVE ancestors AS (
|
||||
SELECT id, parent_id, owner_user_id FROM files_nodes WHERE id = p_node_id AND deleted_at IS NULL
|
||||
UNION ALL
|
||||
SELECT p.id, p.parent_id, p.owner_user_id
|
||||
FROM files_nodes p
|
||||
JOIN ancestors a ON a.parent_id = p.id
|
||||
WHERE p.deleted_at IS NULL
|
||||
),
|
||||
direct_access AS (
|
||||
SELECT fa.access_level
|
||||
FROM ancestors a
|
||||
JOIN files_access fa ON fa.node_id = a.id
|
||||
WHERE fa.user_id = p_user_id
|
||||
)
|
||||
SELECT CASE
|
||||
WHEN EXISTS (SELECT 1 FROM files_nodes n WHERE n.id = p_node_id AND n.owner_user_id = p_user_id AND n.deleted_at IS NULL) THEN 'edit'
|
||||
WHEN EXISTS (SELECT 1 FROM files_nodes n WHERE n.id = p_node_id AND n.owner_user_id::text = ANY(p_subordinate_ids) AND n.deleted_at IS NULL) THEN 'view'
|
||||
WHEN EXISTS (SELECT 1 FROM direct_access WHERE access_level = 'edit') THEN 'edit'
|
||||
WHEN EXISTS (SELECT 1 FROM direct_access) THEN 'view'
|
||||
ELSE ''
|
||||
END;
|
||||
$$;
|
||||
Reference in New Issue
Block a user