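#!/bin/bash
#
# Bootstraps database roles: creates the "migrate" login role, the "app_base"
# privilege role and the API login role, grants the base privileges, and
# enables the pgcrypto extension.
#
# Required environment:
#   POSTGRES_USER, POSTGRES_DB  - admin connection used for every psql call
#   POSTGRES_PASSWORD           - password assigned to the "migrate" role
#   POSTGRES_API_USER           - name of the API login role
#   POSTGRES_API_PASS           - password of the API login role
#
# Values are handed to psql as psql variables and quoted by psql itself
# (:'name' = SQL literal, :"name" = SQL identifier) instead of being spliced
# into the SQL text by the shell. A quote character or "$$" in a name or
# password therefore can no longer break or alter the statements.
# Requires psql 9.6+ for \gexec.

set -e # Exit on error

# Fail early with a clear message instead of sending half-empty SQL to psql.
: "${POSTGRES_USER:?POSTGRES_USER must be set}"
: "${POSTGRES_DB:?POSTGRES_DB must be set}"
: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
: "${POSTGRES_API_USER:?POSTGRES_API_USER must be set}"
: "${POSTGRES_API_PASS:?POSTGRES_API_PASS must be set}"

# Secrets are read by psql from its environment (the backtick \set lines
# below), so they never appear on a command line visible in the process list.
export POSTGRES_PASSWORD POSTGRES_API_PASS

# Shared admin invocation; ON_ERROR_STOP makes psql exit non-zero on the first
# failing statement so that `set -e` aborts the script.
psql_admin=(psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB")

echo "Creating PostgreSQL user and setting permissions... $POSTGRES_USER for API user $POSTGRES_API_USER"

# NOTE(review): "migrate" is given the same password as the admin account
# (POSTGRES_PASSWORD). A leak of the migration credentials then also exposes
# the admin login; consider a dedicated secret for this role.
# CREATE ROLE here is not guarded by an existence check, so a second run
# against the same cluster stops at this statement.
"${psql_admin[@]}" <<'EOSQL'
\set migrate_pass `printf '%s' "$POSTGRES_PASSWORD"`
CREATE ROLE migrate LOGIN ENCRYPTED PASSWORD :'migrate_pass';
GRANT USAGE, CREATE ON SCHEMA public TO migrate;
EOSQL

# psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
#     GRANT SELECT, INSERT, UPDATE ON anwesenheit, abwesenheit, user_password, wochen_report, s_feiertage TO $POSTGRES_API_USER;
#     GRANT DELETE ON abwesenheit TO $POSTGRES_API_USER;
#     GRANT SELECT ON s_personal_daten, s_abwesenheit_typen, s_anwesenheit_typen, s_feiertage TO $POSTGRES_API_USER;
#     GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO $POSTGRES_API_USER;
# EOSQL

# Printed before the API role block below runs (ordering kept as it was).
echo "User creation and permissions setup complete!"

# The role and database names are not secret and are passed with -v.
# They are used as quoted identifiers, so their case is preserved exactly as
# given; the existence check and the CREATE ROLE now agree on the same name.
"${psql_admin[@]}" -v api_user="$POSTGRES_API_USER" -v db="$POSTGRES_DB" <<'EOSQL'
\set api_pass `printf '%s' "$POSTGRES_API_PASS"`

-- privilege roles
DO $$
BEGIN
  IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'app_base') THEN
    CREATE ROLE app_base NOLOGIN;
  END IF;
END
$$;

-- dynamic login role
-- psql does not expand variables inside a dollar-quoted DO body, so the
-- statement is built with format() (%I identifier, %L literal) and run by
-- \gexec only when the role does not exist yet.
SELECT format('CREATE ROLE %I LOGIN ENCRYPTED PASSWORD %L', :'api_user', :'api_pass')
WHERE NOT EXISTS (SELECT FROM pg_roles WHERE rolname = :'api_user')
\gexec

-- grant base privileges
GRANT app_base TO :"api_user";
GRANT CONNECT ON DATABASE :"db" TO :"api_user";
GRANT USAGE ON SCHEMA public TO :"api_user";

CREATE EXTENSION IF NOT EXISTS pgcrypto;
EOSQL

# psql -v ON_ERROR_STOP=1 --username root --dbname arbeitszeitmessung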