- Three-role model (owner/admin/member) with owner protection invariants
- Team CRUD: create, rename (admin+), soft-delete with VM cleanup (owner only)
- Member management: add by email, remove, role updates (admin+), leave
- Switch-team endpoint re-issues JWT after DB membership verification
- User email prefix search for add-member UI autocomplete
- JWT carries role as a hint; all authorization decisions verified from DB
- Team slug: immutable 12-char hex (e.g. a1b2c3-d1e2f3), reserved on soft-delete
- Migration adds slug + deleted_at to teams; backfills existing rows
// Code generated by sqlc. DO NOT EDIT.
// versions:
// sqlc v1.30.0
// source: users.sql
package db
import (
"context"
"github.com/jackc/pgx/v5/pgtype"
)
// deleteAdminPermission removes one (user_id, permission) grant.
const deleteAdminPermission = `-- name: DeleteAdminPermission :exec
DELETE FROM admin_permissions WHERE user_id = $1 AND permission = $2
`

// DeleteAdminPermissionParams names the grant to revoke.
type DeleteAdminPermissionParams struct {
	UserID     string `json:"user_id"`
	Permission string `json:"permission"`
}

// DeleteAdminPermission revokes a single admin permission from a user.
//
// Both values travel as bind parameters. The first result of Exec is
// discarded, so a nil error does not say whether a row was actually removed.
// Nothing in this method checks who is asking; authorization is the caller's
// job.
func (q *Queries) DeleteAdminPermission(ctx context.Context, arg DeleteAdminPermissionParams) error {
	if _, err := q.db.Exec(ctx, deleteAdminPermission, arg.UserID, arg.Permission); err != nil {
		return err
	}
	return nil
}
// getAdminPermissions lists the grants of one user, ordered by permission.
const getAdminPermissions = `-- name: GetAdminPermissions :many
SELECT id, user_id, permission, created_at FROM admin_permissions WHERE user_id = $1 ORDER BY permission
`

// GetAdminPermissions returns the admin_permissions rows for userID, sorted
// by permission.
//
// A user with no grants yields a nil slice and a nil error. A query, scan or
// iteration failure returns (nil, err) rather than a partial list, so a
// caller that checks err never acts on a truncated permission set.
func (q *Queries) GetAdminPermissions(ctx context.Context, userID string) ([]AdminPermission, error) {
	rows, err := q.db.Query(ctx, getAdminPermissions, userID)
	if err != nil {
		return nil, err
	}
	defer rows.Close()

	var perms []AdminPermission
	for rows.Next() {
		var p AdminPermission
		scanErr := rows.Scan(&p.ID, &p.UserID, &p.Permission, &p.CreatedAt)
		if scanErr != nil {
			return nil, scanErr
		}
		perms = append(perms, p)
	}
	// rows.Next also stops on a mid-stream failure; only rows.Err tells the
	// two cases apart.
	if iterErr := rows.Err(); iterErr != nil {
		return nil, iterErr
	}
	return perms, nil
}
// getAdminUsers selects every user row flagged is_admin, oldest first.
const getAdminUsers = `-- name: GetAdminUsers :many
SELECT id, email, password_hash, created_at, updated_at, is_admin FROM users WHERE is_admin = TRUE ORDER BY created_at
`

// GetAdminUsers returns all users whose is_admin column is TRUE, ordered by
// created_at.
//
// The query selects password_hash, so every returned User carries it.
// NOTE(review): User and its JSON tags are declared outside this file; confirm
// that handlers map the result to a response type without the hash instead of
// encoding User directly.
func (q *Queries) GetAdminUsers(ctx context.Context) ([]User, error) {
	rows, err := q.db.Query(ctx, getAdminUsers)
	if err != nil {
		return nil, err
	}
	defer rows.Close()

	var admins []User
	for rows.Next() {
		var u User
		scanErr := rows.Scan(&u.ID, &u.Email, &u.PasswordHash, &u.CreatedAt, &u.UpdatedAt, &u.IsAdmin)
		if scanErr != nil {
			return nil, scanErr
		}
		admins = append(admins, u)
	}
	// A failure during iteration discards the rows read so far.
	if iterErr := rows.Err(); iterErr != nil {
		return nil, iterErr
	}
	return admins, nil
}
// getUserByEmail looks a user up by an equality match on email.
const getUserByEmail = `-- name: GetUserByEmail :one
SELECT id, email, password_hash, created_at, updated_at, is_admin FROM users WHERE email = $1
`

// GetUserByEmail loads the user whose email equals the argument.
//
// The returned User includes the password_hash column. When Scan fails, which
// presumably includes the no-row case, the User is returned as Scan left it
// together with the error, so callers must check err before reading any field.
// NOTE(review): the match is a plain `=`; whether it is case-sensitive depends
// on the column type, which this file does not show. Confirm that emails are
// normalised the same way on insert and on lookup.
func (q *Queries) GetUserByEmail(ctx context.Context, email string) (User, error) {
	var u User
	err := q.db.QueryRow(ctx, getUserByEmail, email).Scan(
		&u.ID,
		&u.Email,
		&u.PasswordHash,
		&u.CreatedAt,
		&u.UpdatedAt,
		&u.IsAdmin,
	)
	return u, err
}
// getUserByID looks a user up by primary identifier.
const getUserByID = `-- name: GetUserByID :one
SELECT id, email, password_hash, created_at, updated_at, is_admin FROM users WHERE id = $1
`

// GetUserByID loads the user row with the given id.
//
// The result carries password_hash and is_admin as stored at the time of the
// call. On a Scan error the User is returned as Scan left it together with
// the error; callers must check err before trusting IsAdmin or any other
// field.
func (q *Queries) GetUserByID(ctx context.Context, id string) (User, error) {
	var u User
	err := q.db.QueryRow(ctx, getUserByID, id).Scan(
		&u.ID,
		&u.Email,
		&u.PasswordHash,
		&u.CreatedAt,
		&u.UpdatedAt,
		&u.IsAdmin,
	)
	return u, err
}
// hasAdminPermission tests for the existence of one (user_id, permission) grant.
const hasAdminPermission = `-- name: HasAdminPermission :one
SELECT EXISTS(
SELECT 1 FROM admin_permissions WHERE user_id = $1 AND permission = $2
) AS has_permission
`

// HasAdminPermissionParams names the user and the permission to test.
type HasAdminPermissionParams struct {
	UserID     string `json:"user_id"`
	Permission string `json:"permission"`
}

// HasAdminPermission reports whether the user holds the named permission.
//
// The permission is compared by equality with the stored string. The result
// variable starts as false and is returned alongside any error, so a caller
// that sees a non-nil err should treat the answer as "not granted".
func (q *Queries) HasAdminPermission(ctx context.Context, arg HasAdminPermissionParams) (bool, error) {
	var granted bool
	err := q.db.QueryRow(ctx, hasAdminPermission, arg.UserID, arg.Permission).Scan(&granted)
	return granted, err
}
// insertAdminPermission adds one grant row.
const insertAdminPermission = `-- name: InsertAdminPermission :exec
INSERT INTO admin_permissions (id, user_id, permission)
VALUES ($1, $2, $3)
`

// InsertAdminPermissionParams carries the new grant's id, user and permission.
type InsertAdminPermissionParams struct {
	ID         string `json:"id"`
	UserID     string `json:"user_id"`
	Permission string `json:"permission"`
}

// InsertAdminPermission grants one admin permission to a user.
//
// The permission string is stored as given; this method does not validate it
// against any list of known permissions and does not check the caller's
// rights.
// NOTE(review): whether a duplicate (user_id, permission) pair is rejected
// depends on table constraints that this file does not show.
func (q *Queries) InsertAdminPermission(ctx context.Context, arg InsertAdminPermissionParams) error {
	if _, err := q.db.Exec(ctx, insertAdminPermission, arg.ID, arg.UserID, arg.Permission); err != nil {
		return err
	}
	return nil
}
// insertUser creates a password-based user and returns the stored row.
const insertUser = `-- name: InsertUser :one
INSERT INTO users (id, email, password_hash)
VALUES ($1, $2, $3)
RETURNING id, email, password_hash, created_at, updated_at, is_admin
`

// InsertUserParams carries the columns written by InsertUser.
//
// NOTE(review): the struct has a json tag for password_hash, so decoding a
// request body straight into it would let the client supply that column.
// Build it from validated values instead.
type InsertUserParams struct {
	ID           string      `json:"id"`
	Email        string      `json:"email"`
	PasswordHash pgtype.Text `json:"password_hash"`
}

// InsertUser inserts a user row and returns it as stored.
//
// PasswordHash is written verbatim: nothing here hashes or validates it, so
// the caller must pass the output of its password hashing step and never the
// plaintext. is_admin is not part of the INSERT and takes the column default.
// The returned User includes the password hash.
func (q *Queries) InsertUser(ctx context.Context, arg InsertUserParams) (User, error) {
	var u User
	err := q.db.QueryRow(ctx, insertUser, arg.ID, arg.Email, arg.PasswordHash).Scan(
		&u.ID,
		&u.Email,
		&u.PasswordHash,
		&u.CreatedAt,
		&u.UpdatedAt,
		&u.IsAdmin,
	)
	return u, err
}
// insertUserOAuth creates a user without writing password_hash.
const insertUserOAuth = `-- name: InsertUserOAuth :one
INSERT INTO users (id, email)
VALUES ($1, $2)
RETURNING id, email, password_hash, created_at, updated_at, is_admin
`

// InsertUserOAuthParams carries the columns written by InsertUserOAuth.
type InsertUserOAuthParams struct {
	ID    string `json:"id"`
	Email string `json:"email"`
}

// InsertUserOAuth inserts a user row with only id and email and returns it as
// stored.
//
// password_hash is left to the column default.
// NOTE(review): presumably that default is NULL. Confirm against the schema,
// and confirm that password login rejects accounts without a stored hash
// rather than comparing against an empty value.
func (q *Queries) InsertUserOAuth(ctx context.Context, arg InsertUserOAuthParams) (User, error) {
	var u User
	err := q.db.QueryRow(ctx, insertUserOAuth, arg.ID, arg.Email).Scan(
		&u.ID,
		&u.Email,
		&u.PasswordHash,
		&u.CreatedAt,
		&u.UpdatedAt,
		&u.IsAdmin,
	)
	return u, err
}
// searchUsersByEmailPrefix returns up to ten users whose email matches the
// bound value followed by any suffix.
const searchUsersByEmailPrefix = `-- name: SearchUsersByEmailPrefix :many
SELECT id, email FROM users WHERE email LIKE $1 || '%' ORDER BY email LIMIT 10
`

// SearchUsersByEmailPrefixRow is the (id, email) pair returned per match.
type SearchUsersByEmailPrefixRow struct {
	ID    string `json:"id"`
	Email string `json:"email"`
}

// SearchUsersByEmailPrefix returns at most ten users, ordered by email, whose
// email matches the given prefix.
//
// The prefix is a bind parameter, so it cannot alter the statement. It is
// still used as a LIKE pattern: `%` and `_` inside it act as wildcards, and
// an empty prefix matches every row. The LIMIT caps each response at ten rows
// but does not stop repeated calls from walking the user table.
// NOTE(review): the statement does not scope results to a team or to the
// requester. Confirm that the caller escapes LIKE metacharacters (or that
// users.sql is changed to do so), enforces a minimum prefix length, and
// restricts and rate-limits who may search.
func (q *Queries) SearchUsersByEmailPrefix(ctx context.Context, dollar_1 pgtype.Text) ([]SearchUsersByEmailPrefixRow, error) {
	rows, err := q.db.Query(ctx, searchUsersByEmailPrefix, dollar_1)
	if err != nil {
		return nil, err
	}
	defer rows.Close()

	var matches []SearchUsersByEmailPrefixRow
	for rows.Next() {
		var m SearchUsersByEmailPrefixRow
		scanErr := rows.Scan(&m.ID, &m.Email)
		if scanErr != nil {
			return nil, scanErr
		}
		matches = append(matches, m)
	}
	// A failure during iteration discards the rows read so far.
	if iterErr := rows.Err(); iterErr != nil {
		return nil, iterErr
	}
	return matches, nil
}
// setUserAdmin writes the is_admin flag and refreshes updated_at.
const setUserAdmin = `-- name: SetUserAdmin :exec
UPDATE users SET is_admin = $2, updated_at = NOW() WHERE id = $1
`

// SetUserAdminParams names the user and the new value of is_admin.
type SetUserAdminParams struct {
	ID      string `json:"id"`
	IsAdmin bool   `json:"is_admin"`
}

// SetUserAdmin sets or clears the is_admin flag of one user.
//
// This is a privilege change with no guard of its own: the method does not
// check the caller's rights, and because the first result of Exec is
// discarded, an id that matches no row also returns nil.
// NOTE(review): confirm that the caller authorizes the request from current
// database state and records the change for audit.
func (q *Queries) SetUserAdmin(ctx context.Context, arg SetUserAdminParams) error {
	if _, err := q.db.Exec(ctx, setUserAdmin, arg.ID, arg.IsAdmin); err != nil {
		return err
	}
	return nil
}