forked from wrenn/wrenn
- Three-role model (owner/admin/member) with owner protection invariants
- Team CRUD: create, rename (admin+), soft-delete with VM cleanup (owner only)
- Member management: add by email, remove, role updates (admin+), leave
- Switch-team endpoint re-issues JWT after DB membership verification
- User email prefix search for add-member UI autocomplete
- JWT carries role as a hint; all authorization decisions verified from DB
- Team slug: immutable 12-char hex (e.g. a1b2c3-d1e2f3), reserved on soft-delete
- Migration adds slug + deleted_at to teams; backfills existing rows
40 lines
1.1 KiB
SQL
-- name: InsertUser :one
INSERT INTO users (id, email, password_hash)
VALUES ($1, $2, $3)
RETURNING *;

-- name: GetUserByEmail :one
SELECT * FROM users WHERE email = $1;

-- name: GetUserByID :one
SELECT * FROM users WHERE id = $1;

-- name: InsertUserOAuth :one
-- OAuth sign-up path: password_hash is omitted from the insert.
INSERT INTO users (id, email)
VALUES ($1, $2)
RETURNING *;

-- name: SetUserAdmin :exec
UPDATE users SET is_admin = $2, updated_at = NOW() WHERE id = $1;

-- name: GetAdminUsers :many
SELECT * FROM users WHERE is_admin = TRUE ORDER BY created_at;

-- name: InsertAdminPermission :exec
INSERT INTO admin_permissions (id, user_id, permission)
VALUES ($1, $2, $3);

-- name: DeleteAdminPermission :exec
DELETE FROM admin_permissions WHERE user_id = $1 AND permission = $2;

-- name: GetAdminPermissions :many
SELECT * FROM admin_permissions WHERE user_id = $1 ORDER BY permission;

-- name: HasAdminPermission :one
SELECT EXISTS(
    SELECT 1 FROM admin_permissions WHERE user_id = $1 AND permission = $2
) AS has_permission;

-- name: SearchUsersByEmailPrefix :many
-- $1 becomes part of the LIKE pattern, so any % or _ in it acts as a wildcard;
-- the caller has to escape them (backslash by default) for a strict prefix match.
SELECT id, email FROM users WHERE email LIKE $1 || '%' ORDER BY email LIMIT 10;
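In `SearchUsersByEmailPrefix`, `$1` is concatenated into the `LIKE` pattern, so `%` and `_` in the input are treated as wildcards rather than literal characters. The Go code below is an added example, not code from this repository: `EscapeLikePrefix`, `likeMatch`, `Search` and the sample emails are hypothetical names and constructed data, and it shows the escaping a caller would apply before binding `$1`, with a simplified stand-in for `LIKE` so the difference can be run offline.

```go
package main

import (
	"fmt"
	"strings"
)

// EscapeLikePrefix (hypothetical helper) escapes \, % and _ before binding $1.
func EscapeLikePrefix(input string) string {
	return strings.NewReplacer(`\`, `\\`, `%`, `\%`, `_`, `\_`).Replace(input)
}

// likeMatch is a simplified stand-in for LIKE so the effect can be run offline.
func likeMatch(p, s []rune) bool {
	switch {
	case len(p) == 0:
		return len(s) == 0
	case p[0] == '%': // any run of characters, including none
		for k := 0; k <= len(s); k++ {
			if likeMatch(p[1:], s[k:]) {
				return true
			}
		}
		return false
	case p[0] == '\\' && len(p) > 1: // escaped character must match literally
		return len(s) > 0 && s[0] == p[1] && likeMatch(p[2:], s[1:])
	case len(s) > 0 && (p[0] == '_' || p[0] == s[0]):
		return likeMatch(p[1:], s[1:])
	}
	return false
}

// SampleEmails is constructed data standing in for the users table.
var SampleEmails = []string{"a_lice@example.com", "ablice@example.com", "bob@example.com"}

// Search mimics SearchUsersByEmailPrefix without ORDER BY and LIMIT.
func Search(param string) []string {
	var out []string
	for _, e := range SampleEmails {
		if likeMatch([]rune(param+"%"), []rune(e)) {
			out = append(out, e)
		}
	}
	return out
}

func main() {
	fmt.Println(Search("a_"), Search(EscapeLikePrefix("a_")))
}
```

With the raw input `a_` both `a_lice@…` and `ablice@…` match; with the escaped input only the address that really starts with `a_` does.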