refactor: began refactoring access control in sql

2025-08-16 22:21:41 +03:00
parent c7a440e38f
commit dd2960a742
3 changed files with 443 additions and 54 deletions
--- a/sqlc/schema.sql
+++ b/sqlc/schema.sql
@@ -121,3 +121,63 @@ CREATE TABLE IF NOT EXISTS "wishes" (
  fulfilled_date TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
  deleted BOOLEAN NOT NULL DEFAULT FALSE
 );
+
+CREATE OR REPLACE FUNCTION get_profile(requester_user_id BIGINT, target_profile_id BIGINT)
+RETURNS JSONB AS $$
+DECLARE
+    profile_record profiles%ROWTYPE;
+    settings_record profile_settings%ROWTYPE;
+    is_owner BOOLEAN;
+    is_banned BOOLEAN;
+    is_deleted BOOLEAN;
+BEGIN
+    -- Check if target user exists and is not deleted/banned
+    SELECT p.*, u.deleted INTO profile_record
+    FROM profiles p
+    JOIN users u ON p.user_id = u.id
+    WHERE p.id = target_profile_id;
+    
+    IF NOT FOUND THEN
+        RETURN NULL;  -- Or raise an exception for "not found"
+    END IF;
+    
+    is_deleted := profile_record.deleted;  -- From users table
+    IF is_deleted THEN
+        RETURN NULL;
+    END IF;
+    
+    -- Check if requester is banned (simplified; expand as needed)
+    SELECT EXISTS(SELECT 1 FROM banned_users WHERE user_id = requester_user_id AND pardoned = FALSE AND (expires_at IS NULL OR expires_at > CURRENT_TIMESTAMP)) INTO is_banned;
+    IF is_banned THEN
+        RAISE EXCEPTION 'Requester is banned';
+    END IF;
+    
+    -- Determine ownership
+    is_owner := (profile_record.user_id = requester_user_id);
+    
+    -- Fetch settings
+    SELECT * INTO settings_record FROM profile_settings WHERE profile_id = target_profile_id;
+    
+    -- Apply privacy: Hide for unauthenticated or based on settings
+    IF requester_user_id IS NULL AND settings_record.hide_for_unauthenticated THEN  -- NULL requester means unauth
+        RETURN NULL;
+    END IF;
+    
+    IF NOT is_owner AND settings_record.hide_profile_details THEN
+        RETURN NULL;  -- Or return minimal public data
+    END IF;
+    
+    -- Sanitize fields based on settings
+    IF NOT is_owner AND settings_record.hide_birthday THEN
+        profile_record.birthday := NULL;
+    END IF;
+    -- Add more field-level masking here (e.g., bio, avatar_url)
+    
+    -- Return as JSONB for easy app consumption
+    RETURN row_to_json(profile_record)::JSONB;
+EXCEPTION
+    WHEN OTHERS THEN
+        RAISE NOTICE 'Access denied: %', SQLERRM;
+        RETURN NULL;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;