fixed premission problem after making migrations executed by go
All checks were successful
Tests / Run Go Tests (push) Successful in 1m44s
55
DB/initdb/01_create_user.sh
Executable file
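--- a/DB/initdb/01_create_user.sh
+++ b/DB/initdb/01_create_user.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+set -e # Exit on error
+
+echo "Creating PostgreSQL user and setting permissions... $POSTGRES_USER for API user $POSTGRES_API_USER"
+
+
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+CREATE ROLE migrate LOGIN ENCRYPTED PASSWORD '$POSTGRES_PASSWORD';
+GRANT USAGE, CREATE ON SCHEMA public TO migrate;
+EOSQL
+
+# psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+
+# GRANT SELECT, INSERT, UPDATE ON anwesenheit, abwesenheit, user_password, wochen_report, s_feiertage TO $POSTGRES_API_USER;
+# GRANT DELETE ON abwesenheit TO $POSTGRES_API_USER;
+# GRANT SELECT ON s_personal_daten, s_abwesenheit_typen, s_anwesenheit_typen, s_feiertage TO $POSTGRES_API_USER;
+# GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO $POSTGRES_API_USER;
+# EOSQL
+
+echo "User creation and permissions setup complete!"
+
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+
+-- privilege roles
+DO \$\$
+BEGIN
+IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'app_base') THEN
+CREATE ROLE app_base NOLOGIN;
+END IF;
+END
+\$\$;
+
+-- dynamic login role
+DO \$\$
+BEGIN
+IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '$POSTGRES_API_USER') THEN
+CREATE ROLE $POSTGRES_API_USER
+LOGIN
+ENCRYPTED PASSWORD '$POSTGRES_API_PASS';
+END IF;
+END
+\$\$;
+
+-- grant base privileges
+GRANT app_base TO $POSTGRES_API_USER;
+GRANT CONNECT ON DATABASE $POSTGRES_DB TO $POSTGRES_API_USER;
+GRANT USAGE ON SCHEMA public TO $POSTGRES_API_USER;
+
+CREATE EXTENSION IF NOT EXISTS pgcrypto;
+
+EOSQL
+
+# psql -v ON_ERROR_STOP=1 --username root --dbname arbeitszeitmessung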
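Review bot: The `CREATE ROLE migrate` statement in the first psql call gives the migration role `$POSTGRES_PASSWORD` as its password, which is presumably the same secret as the `$POSTGRES_USER` bootstrap account this script connects with. A leak of the migration credential would then also expose the more privileged login, so the role should get a dedicated secret. The same statement lacks the `IF NOT EXISTS` guard that `app_base` and the API role get, so a second run aborts under `ON_ERROR_STOP=1`. Both `CREATE ROLE ... PASSWORD` statements have the shell splice variables into the SQL text, so a quote character in a password or role name changes the statement; having psql read the values and quote them with `format()` and `\gexec` avoids that, and the later GRANTs can use `:"api_user"` the same way. `app_base` receives no privileges in this file, presumably because the Go migrations grant them, which is worth confirming since the old table grants are now commented out.

```shell
# POSTGRES_MIGRATE_PASS is a placeholder name for a dedicated migration secret.
# The quoted heredoc delimiter stops the shell from expanding anything; psql
# reads the values from the environment and quotes them itself.
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<'EOSQL'
\set migrate_pass `printenv POSTGRES_MIGRATE_PASS`
\set api_user `printenv POSTGRES_API_USER`
\set api_pass `printenv POSTGRES_API_PASS`

SELECT format('CREATE ROLE migrate LOGIN PASSWORD %L', :'migrate_pass')
WHERE NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'migrate') \gexec
GRANT USAGE, CREATE ON SCHEMA public TO migrate;

SELECT format('CREATE ROLE %I LOGIN PASSWORD %L', :'api_user', :'api_pass')
WHERE NOT EXISTS (SELECT FROM pg_roles WHERE rolname = :'api_user') \gexec
EOSQL
# … unchanged: app_base role, GRANTs to the API role, pgcrypto extension …
```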
@@ -1,124 +0,0 @@
|
||||
-- ----------------------------
|
||||
-- Table structure for anwesenheit
|
||||
-- ----------------------------
|
||||
DROP TABLE IF EXISTS "anwesenheit";
|
||||
CREATE TABLE "anwesenheit" (
|
||||
"counter_id" bigserial NOT NULL,
|
||||
"timestamp" timestamptz NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||
"card_uid" character varying(255) NOT NULL,
|
||||
"check_in_out" smallint NOT NULL,
|
||||
"geraet_id" smallint NOT NULL,
|
||||
"anwesenheit_typ" int2 NOT NULL,
|
||||
PRIMARY KEY ("counter_id")
|
||||
);
|
||||
|
||||
COMMENT ON COLUMN "anwesenheit"."check_in_out" IS '1=Check In 2=Check Out , 3=Check in Manuell, 4=Check out manuell255=Automatic Check Out';
|
||||
COMMENT ON COLUMN "anwesenheit"."geraet_id" IS 'ID des Lesegerätes';
|
||||
|
||||
-- ----------------------------
|
||||
-- Table structure for anwesenheitstypen
|
||||
-- ----------------------------
|
||||
|
||||
DROP TABLE IF EXISTS "s_anwesenheit_typen";
|
||||
CREATE TABLE "s_anwesenheit_typen" (
|
||||
"anwesenheit_id" int2 PRIMARY KEY,
|
||||
"anwesenheit_name" varchar(255) NOT NULL
|
||||
);
|
||||
|
||||
-- ----------------------------
|
||||
-- Table structure for personal_daten
|
||||
-- ----------------------------
|
||||
DROP TABLE IF EXISTS "s_personal_daten";
|
||||
CREATE TABLE "s_personal_daten" (
|
||||
"personal_nummer" int4 NOT NULL PRIMARY KEY,
|
||||
"aktiv_beschaeftigt" bool,
|
||||
"vorname" varchar(255) NOT NULL,
|
||||
"nachname" varchar(255) NOT NULL,
|
||||
"geburtsdatum" date,
|
||||
"plz" varchar(255),
|
||||
"adresse" varchar(255),
|
||||
"geschlecht" int2,
|
||||
"card_uid" varchar(255),
|
||||
"hauptbeschaeftigungs_ort" int2,
|
||||
"arbeitszeit_per_tag" float4,
|
||||
"arbeitszeit_per_woche" float4,
|
||||
"arbeitszeit_min_start" time(6),
|
||||
"arbeitszeit_max_ende" time(6),
|
||||
"vorgesetzter_pers_nr" int4
|
||||
);
|
||||
COMMENT ON COLUMN "s_personal_daten"."geschlecht" IS '1==weiblich, 2==maennlich, 3==divers';
|
||||
|
||||
DROP TABLE IF EXISTS "user_password";
|
||||
CREATE TABLE "user_password" (
|
||||
"personal_nummer" int4 NOT NULL PRIMARY KEY,
|
||||
"pass_hash" TEXT,
|
||||
"zuletzt_geandert" timestamp(6) DEFAULT CURRENT_TIMESTAMP
|
||||
);
|
||||
|
||||
-- update Funktion für pass_hash
|
||||
|
||||
CREATE OR REPLACE FUNCTION update_zuletzt_geandert()
|
||||
RETURNS TRIGGER AS $$
|
||||
BEGIN
|
||||
-- Nur wenn hash geändert wurde
|
||||
IF NEW.pass_hash IS DISTINCT FROM OLD.pass_hash THEN
|
||||
NEW.zuletzt_geandert = now();
|
||||
END IF;
|
||||
RETURN NEW;
|
||||
END;
|
||||
$$ LANGUAGE plpgsql;
|
||||
|
||||
CREATE TRIGGER pass_hash_update
|
||||
BEFORE UPDATE ON user_password
|
||||
FOR EACH ROW
|
||||
EXECUTE FUNCTION update_zuletzt_geandert();
|
||||
|
||||
-- audittabelle für arbeitsstunden bestätigung
|
||||
|
||||
DROP TABLE IF EXISTS "wochen_report";
|
||||
CREATE TABLE "wochen_report" (
|
||||
"id" serial PRIMARY KEY,
|
||||
"personal_nummer" int4 NOT NULL,
|
||||
"woche_start" date NOT NULL,
|
||||
"bestaetigt" bool DEFAULT FALSE,
|
||||
"arbeitszeit" interval NOT NULL,
|
||||
"ueberstunden" interval NOT NULL,
|
||||
"anwesenheiten" int ARRAY,
|
||||
"abwesenheiten" int ARRAY,
|
||||
UNIQUE ("personal_nummer", "woche_start")
|
||||
);
|
||||
|
||||
DROP TABLE IF EXISTS "abwesenheit";
|
||||
CREATE TABLE "abwesenheit" (
|
||||
"counter_id" bigserial PRIMARY KEY,
|
||||
"card_uid" varchar(255) NOT NULL,
|
||||
"abwesenheit_typ" int2 NOT NULL,
|
||||
"datum_from" timestamptz DEFAULT NOW()::DATE NOT NULL,
|
||||
"datum_to" timestamptz NOT NULL
|
||||
);
|
||||
|
||||
DROP TABLE IF EXISTS "s_abwesenheit_typen";
|
||||
CREATE TABLE "s_abwesenheit_typen" (
|
||||
"abwesenheit_id" int2 PRIMARY KEY NOT NULL,
|
||||
"abwesenheit_name" varchar(255) NOT NULL,
|
||||
"arbeitszeit_equivalent" float4 NOT NULL
|
||||
);
|
||||
COMMENT ON COLUMN "s_abwesenheit_typen"."arbeitszeit_equivalent" IS '0=keine Arbeitszeit; -1=Arbeitszeit auffüllen; <=1 - 100 => Arbeitszeit pro Tag prozentual';
|
||||
|
||||
DROP TABLE IF EXISTS "s_feiertage";
|
||||
CREATE TABLE "s_feiertage" (
|
||||
"counter_id" serial PRIMARY KEY NOT NULL,
|
||||
"datum" date NOT NULL,
|
||||
"name" varchar(100) NOT NULL,
|
||||
"wiederholen" smallint NOT NULL DEFAULT 0,
|
||||
"arbeitszeit_equivalent" smallint NOT NULL DEFAULT 100
|
||||
);
|
||||
|
||||
CREATE UNIQUE index feiertage_unique_pro_jahr on s_feiertage (
|
||||
extract ( year from datum ),
|
||||
name
|
||||
);
|
||||
|
||||
-- Adds crypto extension
|
||||
|
||||
CREATE EXTENSION IF NOT EXISTS pgcrypto;
|
||||
@@ -1,8 +0,0 @@
|
||||
INSERT INTO "s_personal_daten" ("personal_nummer", "aktiv_beschaeftigt", "vorname", "nachname", "geburtsdatum", "plz", "adresse", "geschlecht", "card_uid", "hauptbeschaeftigungs_ort", "arbeitszeit_per_tag", "arbeitszeit_per_woche", "arbeitszeit_min_start", "arbeitszeit_max_ende", "vorgesetzter_pers_nr") VALUES
|
||||
(123, 't', 'Kim', 'Mustermensch', '2003-02-01', '08963', 'Altenburger Str. 44A', 1, 'aaaa-aaaa', 1, 8, 40, '07:00:00', '20:00:00', 0);
|
||||
|
||||
INSERT INTO "user_password" ("personal_nummer", "pass_hash") VALUES
|
||||
(123, crypt('max_pass', gen_salt('bf')));
|
||||
|
||||
INSERT INTO "s_anwesenheit_typen" ("anwesenheit_id", "anwesenheit_name") VALUES (1, 'Büro');
|
||||
INSERT INTO "s_abwesenheit_typen" ("abwesenheit_id", "abwesenheit_name", "arbeitszeit_equivalent") VALUES (1, 'Urlaub', 100), (2, 'Krank', 100), (3, 'Kurzarbeit', -1), (4, 'Urlaub untertags', 50);
|
||||
@@ -1,21 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -e # Exit on error
|
||||
|
||||
echo "Creating PostgreSQL user and setting permissions... $POSTGRES_USER for API user $POSTGRES_API_USER"
|
||||
|
||||
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
|
||||
CREATE USER $POSTGRES_API_USER WITH ENCRYPTED PASSWORD '$POSTGRES_API_PASS';
|
||||
EOSQL
|
||||
|
||||
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
|
||||
GRANT CONNECT ON DATABASE $POSTGRES_DB TO $POSTGRES_API_USER;
|
||||
GRANT USAGE ON SCHEMA public TO $POSTGRES_API_USER;
|
||||
GRANT SELECT, INSERT, UPDATE ON anwesenheit, abwesenheit, user_password, wochen_report, s_feiertage TO $POSTGRES_API_USER;
|
||||
GRANT DELETE ON abwesenheit TO $POSTGRES_API_USER;
|
||||
GRANT SELECT ON s_personal_daten, s_abwesenheit_typen, s_anwesenheit_typen, s_feiertage TO $POSTGRES_API_USER;
|
||||
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO $POSTGRES_API_USER;
|
||||
EOSQL
|
||||
|
||||
echo "User creation and permissions setup complete!"
|
||||
|
||||
# psql -v ON_ERROR_STOP=1 --username root --dbname arbeitszeitmessung
|
||||