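#!/bin/bash
#
# Database bootstrap: creates the "migrate" login role, the "app_base" group
# role and the API login role named by POSTGRES_API_USER, grants their base
# privileges and enables the pgcrypto extension.
#
# Environment read:
#   POSTGRES_USER      role psql connects as
#   POSTGRES_DB        database psql connects to; CONNECT on it goes to the API role
#   POSTGRES_PASSWORD  password assigned to the "migrate" role
#   POSTGRES_API_USER  name of the API login role
#   POSTGRES_API_PASS  password assigned to the API login role
#
# Every environment value is SQL-quoted in the shell before it is placed in a
# statement, so a quote character inside a password or role name cannot end the
# literal early and change what the statement does. The SQL (and with it the
# passwords) reaches psql on stdin only, never on its command line.
# The CREATE ROLE statements still carry cleartext passwords to the server and
# can appear in its log when statement logging is enabled.

set -e # Exit on error

# Fail before touching the database when a name is missing: an empty value
# would otherwise be spliced into the SQL and produce a different statement.
: "${POSTGRES_USER:?POSTGRES_USER must be set}"
: "${POSTGRES_DB:?POSTGRES_DB must be set}"
: "${POSTGRES_API_USER:?POSTGRES_API_USER must be set}"

# Print $1 as a single-quoted SQL string literal (embedded ' doubled).
# Relies on standard_conforming_strings=on, the PostgreSQL default, so that
# backslashes inside the literal are ordinary characters.
sql_literal() {
  local value=$1
  local quote="'"
  printf '%s' "${quote}${value//$quote/$quote$quote}${quote}"
}

# Print $1 as a double-quoted SQL identifier (embedded " doubled).
# Quoted identifiers keep their case, so the role is created under exactly the
# name the existence check below looks for.
sql_ident() {
  local value=$1
  local quote='"'
  printf '%s' "${quote}${value//$quote/$quote$quote}${quote}"
}

migrate_pass_lit=$(sql_literal "$POSTGRES_PASSWORD")
api_user_lit=$(sql_literal "$POSTGRES_API_USER")
api_pass_lit=$(sql_literal "$POSTGRES_API_PASS")
api_user_ident=$(sql_ident "$POSTGRES_API_USER")
db_ident=$(sql_ident "$POSTGRES_DB")

printf '%s\n' "Creating PostgreSQL user and setting permissions... $POSTGRES_USER for API user $POSTGRES_API_USER"

# NOTE(review): "migrate" receives POSTGRES_PASSWORD, presumably the same
# secret as the $POSTGRES_USER account; a dedicated password would keep the
# two credentials independent. Confirm against the deployment.
# NOTE(review): the database name is hard-coded here while the API role below
# is granted CONNECT on $POSTGRES_DB; confirm the two are meant to differ.
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<EOSQL
CREATE ROLE migrate LOGIN ENCRYPTED PASSWORD $migrate_pass_lit;
GRANT USAGE, CREATE ON SCHEMA public TO migrate;
GRANT CONNECT ON DATABASE arbeitszeitmessung TO migrate;
EOSQL

# psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
# GRANT SELECT, INSERT, UPDATE ON anwesenheit, abwesenheit, user_password, wochen_report, s_feiertage TO $POSTGRES_API_USER;
# GRANT DELETE ON abwesenheit TO $POSTGRES_API_USER;
# GRANT SELECT ON s_personal_daten, s_abwesenheit_typen, s_anwesenheit_typen, s_feiertage TO $POSTGRES_API_USER;
# GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO $POSTGRES_API_USER;
# EOSQL

printf '%s\n' "User creation and permissions setup complete!"

# The API role is created through format() + \gexec instead of a DO block:
# %I and %L quote the name and password on the server side, and the password
# never sits inside a dollar-quoted body that a "\$\$" in the value could close.
# \gexec runs each returned row as a statement; no row means the role exists.
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<EOSQL

-- privilege roles
DO \$\$
BEGIN
  IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'app_base') THEN
    CREATE ROLE app_base NOLOGIN;
  END IF;
END
\$\$;

-- dynamic login role
SELECT format('CREATE ROLE %I LOGIN ENCRYPTED PASSWORD %L', $api_user_lit, $api_pass_lit)
WHERE NOT EXISTS (SELECT FROM pg_roles WHERE rolname = $api_user_lit)
\gexec

-- grant base privileges
GRANT app_base TO $api_user_ident;
GRANT CONNECT ON DATABASE $db_ident TO $api_user_ident;
GRANT USAGE ON SCHEMA public TO $api_user_ident;

CREATE EXTENSION IF NOT EXISTS pgcrypto;

EOSQL

# psql -v ON_ERROR_STOP=1 --username root --dbname arbeitszeitmessung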